Cipher 0: Why you should encrypt your server’s disks

by

Three years ago, I posted this question on Spiceworks: what’s the value in encrypting a server’s disks? I wrote in part:

“…in a hardware RAID system, individual disks – and correct me if I’m wrong – are of no value; it can’t be mounted via USB, for example, without the controller. With the controller, the thief has to boot the server at which point they’re presented with AD/OS-password level security.”

I’m not super proud of some of the assumptions I made in the post. Live and learn, and learn I did!

Now I have my answer: cipher 0

Recently, I got this call from a client: the server was making a lot of noise and everything was down. Sure enough, our monitoring system was showing that everything was offline. Fortunately, we require that all of our clients’ servers to have iLO cards in them, so I accessed the console over iLO at which point I was presented with dialog box from iLO which read (paraphrased):

“User ASDF is already logged in. Do you want to take over the session?”

ohcrapwhat?

After kicking that user out, I was presented with the Bitlocker recovery screen.

“Oh, thank $_deity I encrypted the disks!”

After a quick “hack ilo” Google search, all was revealed. It turns out that most-if-not-all baseboard management controllers (BMCs), which includes iLO, suffer from the same vulnerability in a software component called IPMI. IPMI lets one interact with a BMC using command line commands, and the vulnerability in IPMI called ‘cipher 0’ allows a bad actor to create user accounts in any BMC at the command line level.

So here’s the attack vector:

  1. A bad actor scans the internet for open ports that BMCs usually live on.
  2. When the bad actor finds an open BMC, he runs IPMI commands to create a new administrative user account the logs-in to the BMC.
  3. Once in, the bad actor presents his virtual media to the server over iLO and restarts the server.
  4. When the server boots-up, the bad actor interrupts the boot process to boot off of his media, then attempts to mount the server’s hard drive so he can either siphon information off of or side-load malware onto the server.

Fortunately, this client’s server’s disks were encrypted so he was stuck at the Bitlocker recovery screen.

As far as I can tell, there’s no good way to get around cipher 0 in iLO aside from disabling the inbound iLO perimeter firewall rule until we need it.

Hope this helps, and be safe out there!

Nate