The AMI MegaRAC Baseboard Management Controller (BMC) is used by system administrators for remote access to server equipment. A couple of months ago, security experts found 3 serious vulnerabilities in it. Now 2 more vulnerabilities have been found.
The security company Eclypsium said that American Megatrends has long been aware of the problem. They decided to disclose the vulnerabilities only now to give the company's engineers extra time to fix them.
These vulnerabilities can serve as a springboard for cyber attacks, as they allow attackers to execute code remotely and gain unauthorized access to devices with superuser rights.
The vulnerabilities are as follows:
- CVE-2022-26872 (CVSS score: 8.3): interception of password reset through the API;
- CVE-2022-40258 (CVSS score: 5.3): weak password hashes for Redfish and the API.
It was also found that MegaRAC uses the MD5 hashing algorithm with a static salt for old devices and SHA-512 with a dynamic salt for new devices. "Salting" means adding another string of data when each password is hashed, which makes dictionary attacks harder for attackers.
A salt can be static (the same for all input values) or dynamic (generated individually for each input value).
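The difference is visible when auditing a credential store. The following added example (not code from AMI or Eclypsium) hashes constructed sample passwords with both schemes and reports which accounts share a salt or an identical stored hash. The salt value, the account names and the plain salt-plus-password concatenation are assumptions made for illustration.

```python
import hashlib
import os
from collections import defaultdict

# Assumption: constructed placeholder, not a value taken from any real device.
STATIC_SALT = b"constructed-static-salt"


def hash_static_md5(password: str) -> tuple[bytes, str]:
    """Old-style scheme: MD5 with one salt shared by every account."""
    digest = hashlib.md5(STATIC_SALT + password.encode()).hexdigest()
    return STATIC_SALT, digest


def hash_dynamic_sha512(password: str) -> tuple[bytes, str]:
    """New-style scheme: SHA-512 with a fresh random salt per password."""
    salt = os.urandom(16)
    digest = hashlib.sha512(salt + password.encode()).hexdigest()
    return salt, digest


def audit(records: dict[str, tuple[bytes, str]]) -> dict[str, list[list[str]]]:
    """Group users that share a salt or share an identical stored hash."""
    by_salt, by_hash = defaultdict(list), defaultdict(list)
    for user, (salt, digest) in records.items():
        by_salt[salt].append(user)
        by_hash[digest].append(user)
    return {
        "shared_salt": [sorted(u) for u in by_salt.values() if len(u) > 1],
        "shared_hash": [sorted(u) for u in by_hash.values() if len(u) > 1],
    }


# Constructed sample accounts; two of them chose the same password.
PASSWORDS = {"admin": "Winter2022!", "operator": "Winter2022!", "audit": "s3parate"}

static_store = {u: hash_static_md5(p) for u, p in PASSWORDS.items()}
dynamic_store = {u: hash_dynamic_sha512(p) for u, p in PASSWORDS.items()}

if __name__ == "__main__":
    print("static :", audit(static_store))
    print("dynamic:", audit(dynamic_store))
```

With the static salt, equal passwords produce equal hashes, so the audit groups `admin` and `operator` together; with per-password salts no two records collide.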