Article: 100013059
Last Published: 2014-06-19
Product(s): Appliances
Problem
Security scanners will sometimes show a Cipher Zero problem on the IPMI of the Appliance.
This is a false positive, and the problem has been fixed.
Solution
We can see the cipher settings are at the default level for our appliances:
5220:/home/maintenance # ipmitool lan print 3
...
Cipher Suite Priv Max : caaaXXaaaXXaaXX
: X=Cipher Suite Unused
: c=CALLBACK
: u=USER
: o=OPERATOR
: a=ADMIN
: O=OEM
You can verify that Cipher Zero has been disabled by trying to connect with ipmitool with cipher zero.
Using ipmitool with "-C 0" will make it connect with cipher zero, and we can see that it fails:
5220:/home/maintenance # ipmitool -I lanplus -C 0 -H <IPMI_IP> -U admin -P P@ssw0rd user list
Set Session Privilege Level to ADMINISTRATOR failed: Insufficient privilege level
Error: Unable to establish IPMI v2 / RMCP+ session
Get User Access command failed (channel 14, user 1)
When I change it to "-C 3", the default cipher setting, it works:
5220:/home/maintenance # ipmitool -I lanplus -C 3 -H <IPMI_IP> -U admin -P P@ssw0rd user list
ID  Name      Callin  Link Auth  IPMI Msg  Channel Priv Limit
1             false   false      true      ADMINISTRATOR
2   root      false   true       true      ADMINISTRATOR
3   sysadmin  true    true       true      ADMINISTRATOR
4   admin     true    true       true      ADMINISTRATOR
5   test3     false   false      true      ADMINISTRATOR
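The check above can be scripted. The following shell functions are an added example, not part of the original article: they read the "Cipher Suite Priv Max" line and report the privilege ceiling per cipher suite. They assume character position N applies to cipher suite N, starting at 0; the function names and the DISABLED/LIMITED/EXPOSED labels are this example's own.

```shell
#!/bin/sh
# Added example (not from the article): audit "Cipher Suite Priv Max".
# Assumption: character position N is the privilege ceiling for cipher suite N.

# Constructed sample, copied from the lan print output shown in this article.
SAMPLE_LAN_PRINT='Cipher Suite Priv Max : caaaXXaaaXXaaXX
 : X=Cipher Suite Unused
 : c=CALLBACK'

# Read `ipmitool lan print` output on stdin, print the privilege string.
cipher_privs() {
    sed -n 's/^Cipher Suite Priv Max[[:space:]]*:[[:space:]]*\([XcuoaO]*\).*$/\1/p' |
        head -n 1
}

# Map one privilege letter to the name used in the ipmitool legend.
priv_name() {
    case "$1" in
        X) echo UNUSED ;;
        c) echo CALLBACK ;;
        u) echo USER ;;
        o) echo OPERATOR ;;
        a) echo ADMIN ;;
        O) echo OEM ;;
        *) echo UNKNOWN ;;
    esac
}

# Print "suite=<n> max=<NAME>" for every position in the privilege string.
list_suites() {
    _left=$1
    _n=0
    while [ -n "$_left" ]; do
        _rest=${_left#?}
        echo "suite=$_n max=$(priv_name "${_left%"$_rest"}")"
        _left=$_rest
        _n=$((_n + 1))
    done
}

# Classify cipher suite 0, which has no authentication, integrity or encryption.
audit_cipher_zero() {
    case "$1" in
        '') echo NO_DATA ;;   # line missing or unparsable
        X*) echo DISABLED ;;  # suite 0 unused
        c*) echo LIMITED ;;   # suite 0 capped at CALLBACK
        *)  echo EXPOSED ;;   # suite 0 usable at USER or above
    esac
}
```

On the appliance, feed it the real output with: ipmitool lan print 3 | cipher_privs. For the string shown in this article the result is LIMITED, which matches the "Insufficient privilege level" failure when ADMINISTRATOR is requested with -C 0.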
man ipmitool:
-C <ciphersuite>
The remote server authentication, integrity, and encryption algorithms to use for IPMIv2 lanplus connections. See table
22-19 in the IPMIv2 specification. The default is 3 which specifies RAKP-HMAC-SHA1 authentication, HMAC-SHA1-96
integrity, and AES-CBC-128 encryption algorithms.