Supermicro IPMI Vulnerability

September 7, 2017 | Security

There is a major security vulnerability for Supermicro servers with factory default IPMI settings! Three factory default settings contribute to the vulnerability, which potentially makes numerous Supermicro servers susceptible to remote control by malicious parties.

1) The factory default option for the IPMI interface is failover. For example, on the 4-GPU workstation Hydra, there are two dedicated LAN interfaces for the operating system (LAN1/2) and one dedicated LAN interface for IPMI. There are 3 options for the IPMI interface:

  • Dedicated: Always use the dedicated IPMI interface.
  • Shared: Always use the LAN1 interface.
  • Failover (factory default): On boot, detect if the dedicated IPMI interface is connected. If so, use the dedicated interface, otherwise fall back to the shared LAN1.

2) The factory default behavior is for the IPMI device to acquire an IP address via DHCP.

3) The default ADMINISTRATOR username for the Supermicro Baseboard Management Controller (BMC) is ADMIN, and its default password is ADMIN.

So let’s assume that you’ve just bought a fancy Supermicro server or workstation, such as our 4-GPU workstation Hydra; you don’t plan to use, or even know anything about, IPMI. You simply plug a network cable into LAN1 to connect it to the internet, which you need to run the OS. Unbeknownst to you, the IPMI interface will fail over to LAN1, and it will try to acquire an IP address via DHCP. More often than not, the IPMI interface will get a publicly routable IP address, with you being none the wiser! Then if an evil-doer knows the IP address of your IPMI interface (it is trivial to scan for such a vulnerability), he can use the default ADMINISTRATOR username and password to remotely control your fancy computer!
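To check your own machine for the three defaults listed above, here is an added example (not part of the original post) that audits text captured from `ipmitool lan print 1`, `ipmitool user list 1` and `ipmitool raw 0x30 0x70 0x0c 0` on the server itself. The output layout, the Supermicro OEM raw command and its 00/01/02 byte mapping are assumptions, as are the function and finding names; the sample output is constructed.

```python
import ipaddress
import re

# RFC 1918 ranges; an address outside them may be reachable from the internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed mapping of the byte returned by `ipmitool raw 0x30 0x70 0x0c 0`.
LAN_MODES = {0: "dedicated", 1: "shared", 2: "failover"}

# Constructed sample output (203.0.113.10 is a documentation address).
SAMPLE_LAN_PRINT = """\
IP Address Source       : DHCP Address
IP Address              : 203.0.113.10
"""
SAMPLE_LAN_MODE = " 02"
SAMPLE_USER_LIST = """\
ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
1                    true    false      false      Unknown (0x00)
2   ADMIN            false   false      true       ADMINISTRATOR
"""


def field(text, name):
    """Return the value of a 'Name : value' line, or None if absent."""
    m = re.search(rf"^{re.escape(name)}\s*:\s*(.+)$", text, re.MULTILINE)
    return m.group(1).strip() if m else None


def audit_bmc(lan_print, lan_mode_raw, user_list):
    """Return findings for the three factory defaults described above."""
    findings = []
    mode = LAN_MODES.get(int(lan_mode_raw.strip(), 16), "unknown")
    if mode != "dedicated":  # shared or failover can put the BMC on LAN1
        findings.append(f"lan-mode:{mode}")
    if "DHCP" in (field(lan_print, "IP Address Source") or ""):
        findings.append("ip-source:dhcp")
    addr = field(lan_print, "IP Address")
    ip = ipaddress.ip_address(addr) if addr else None
    if ip is not None and not ip.is_unspecified and not any(ip in n for n in RFC1918):
        findings.append(f"ip-routable:{addr}")
    for line in user_list.splitlines():
        cols = line.split()
        if len(cols) >= 6 and cols[1] == "ADMIN" and cols[-1] == "ADMINISTRATOR":
            findings.append("account:ADMIN")  # default name; confirm password changed
    return findings


if __name__ == "__main__":
    print(audit_bmc(SAMPLE_LAN_PRINT, SAMPLE_LAN_MODE, SAMPLE_USER_LIST))
```

An empty result means none of the three defaults was detected; the `account:ADMIN` finding only shows the default account name is still present, so the password has to be verified separately.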