Intro
I love Supermicro, they make great boards and some of my favorite chassis. Typically I like to build my own servers so I’m not stuck buying hard drives just to get trays or subject to back doors out of the box. I build most servers from parts so I can pick the hardware I like and make sure I’m using what I consider to be the newest stable set. However, I recently stumbled across the fact that on older versions of Supermicro IPMI firmware the system will just give you the admin password.
The problem
IPMI is a standard remote management tool typically built into server class motherboards. This means you can remotely:
- Power cycle the unit
- Change some setup/BIOS options
- Monitor sensors (temp, fan levels etc)
- Open a console as if you plugged into VGA
- Access the machine, even if it is off