/etc/ipmi/lan.conf has a default cleartext account, ipmiusr. If I don't configure the user, will he have this account by default? Is there a security risk?
The lan.conf permission is 644, so ordinary users can also see it. Isn't there a risk of leaking the password?
On Wed, Jul 06, 2022 at 02:19:50AM -0000, hexing wrote:
> /etc/ipmi/lan.conf has a default cleartext account, ipmiusr. If I don't configure the user, will he have this account by default? Is there a security risk?
> The lan.conf permission is 644, so ordinary users can also see it. Isn't there a risk of leaking the password?
Yes, you are right to worry about this. If you are using ipmi_sim in a
production system, yes, lan.conf should be 600 permissions. I've
modified the makefile to install them 600.
Thanks,
-corey
You are right, I've adjusted the permissions to be 600 for the installed config file.
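A check for the condition discussed in this thread, as an added example that is not part of the thread or of OpenIPMI: it reports whether a config file holding cleartext credentials is accessible to group or other, and can tighten it to 600. The function names are hypothetical; the default path is the one named in the question.

```shell
#!/bin/sh
# Added example (not OpenIPMI code): audit and tighten the mode of a
# config file that stores cleartext credentials.
# Function names are hypothetical; the default path comes from the thread.

CONF_DEFAULT=/etc/ipmi/lan.conf

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if group and other have no access at all,
# 1 if the file is too open, 2 if it is missing or cannot be inspected.
conf_mode_ok() {
    f=${1:-$CONF_DEFAULT}
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    mode=$(file_mode "$f") || return 2
    # Mask out the owner bits; anything left is group/other access.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "too open: $f is mode $mode (group/other can access it)"
        return 1
    fi
    echo "ok: $f is mode $mode"
    return 0
}

# Restrict the file to its owner (read/write), then re-check it.
harden_conf() {
    f=${1:-$CONF_DEFAULT}
    chmod 600 "$f" && conf_mode_ok "$f"
}
```

Call `conf_mode_ok` with no argument to check the default path, or pass another config path; a non-zero exit status makes it usable in a deployment or CI check.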