Major vulnerabilities in a protocol for remotely monitoring and managing servers would allow attackers to hijack the computers to gain control of them, access or erase data, or lock others out.
The vulnerabilities exist in more than 100,000 servers connected to the internet, according to two researchers.
The vulnerabilities reside in the Intelligent Platform Management Interface, a protocol used by Baseboard Management Controllers that are used to remotely monitor servers for heat and electricity issues as well as manage access to them and other functions.
The security holes would allow hackers to obtain password hashes from the servers or bypass authentication entirely to copy content, install a backdoor or even wipe the servers clean, according to Dan Farmer, an independent computer security consultant who conducted the research for the Defense Department’s DARPA.
A scan of the internet conducted by HD Moore, chief research officer at Rapid7 and creator of the Metasploit Framework penetration testing tool, found more than 100,000 systems online that were vulnerable to one or more of the security issues.
SOURCE: wired.com
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…