Many computers, servers, storage devices and other types of processing devices are configured with remote management interfaces that allow administrators or other service personnel to access such a device from a remote location even if the device is in a powered-down state. By way of example, a remote management interface of this type can be used to turn the device on and off, reboot or reinstall its operating system, access its sensors, and perform numerous other tasks. Interfaces of this type are often referred to as providing “out-of-band management” or “lights out management” functionality.
Some remote management interfaces utilize standardized protocols, such as that defined in the Intelligent Platform Management Interface (IPMI) Specification, Second Generation, v2.0, October 2013, which is incorporated by reference herein.
Unfortunately, IPMI has a number of serious security deficiencies. For example, it typically relies on static passwords. Moreover, a flaw in the design of IPMI permits offline password-guessing attacks. Such deficiencies can be particularly problematic in view of common practices such as selecting weak passwords or sharing the same password over multiple devices within a given enterprise domain. For example, in some installations, learning a single password can give an attacker the ability to access thousands of devices. In addition, a given password shared by multiple devices may be accessible to multiple administrators, leading to additional vulnerability, particularly in the presence of turnover in administrative positions. Other protocols utilized in conventional remote management interfaces exhibit similar security deficiencies.