[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Dell iDRAC6

To: phil <jabea@xxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Dell iDRAC6
From: chris <chris@xxxxxxxxxxxxxxx>
Date: Thu, 07 Jul 2011 19:03:56 -0700

No DHCP, but, they sit on the typical RFC1918 192.168 block upon established 
link out-of-the-box. 

It's a feature. You shouldn't have OOB management on any externally accessable 
network anyway.

--chris

phil <jabea@xxxxxxxxx> wrote:

>Is it only me, but the iDRAC6 from Dell is kinda insecure. The default
>username and password is always root / calvin. (I configured a lot of Dell
>server from like  R610 to NX3000 and they all share that default password)
>
> 
>
>On the other hand, hp iLO got hardcoded password that change from each
>servers they ship.
>
> 
>
> 
>
>Both of them come pre-configured on some private class IP, at least the
>iDRAC is not DHCP by default, that's the only thing that make me think it's
>not at 100% insecure, but just not secure at 100% either.
>
> 
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Dell iDRAC6
Next by Date: Re: [Full-disclosure] Is there a system or program which presents HTTP response count
Previous by thread: Re: [Full-disclosure] Dell iDRAC6
Next by thread: [Full-disclosure] [SECURITY] [DSA 2275-1] openoffice.org security update
Index(es):
- Date
- Thread