NBU Appliance Vulnerability Scans....
I'm getting vulnerability tickets from our threat team on our netbackup appliances.
IPMI 2.0 RAKP RMCP+ Authentication HMAC Password Hash Exposure
and
IPMI 2.0 Cipher Type Zero Authentication Bypass Vulnerability
What is my best path of resolution to these issues? Please advise.
Appliance is a 5230 running 2.6x
I don't believe there has been much done for IPMI standard in regards to the RAKP hash exposure.
This is across the community and is not just specific to Symantec appliances.
From what I've read, the standard states that it has to send a salted hash to the client.
I would recommend, however, diabling other accounts from IPMI other than sysadmin and then to use a strong password that is unlikely to be brute forced or in a rainbow table.
ipmitool user disable 2 ipmitool user disable 4 ipmitool user disable 5
The sure fire way, of course, is to disable IPMI (Either per user or across the board). Second best way is to have the network segregated to only allow access from specific locations.
---------
Per http://www.symantec.com/docs/TECH218518 , cipher zero does not actually affect our systems.
The current setting for 0 is callback and it simply does not respond.
However, you can also do the following to mark it as unused and leave only 3, 8, and 12 available (As they should be as specified in our security guide. http://www.symantec.com/docs/DOC7350)
ipmitool lan set 3 cipher_privs XXXaXXXXaXXXaXX
