Farmer's paper includes some recommendations for server administrators on how to mitigate some of the identified issues and better secure their BMCs, but the researcher concludes that ultimately the problem of insecure IPMI implementations will linger on for a long time.
"Many of these problems would have been easy to fix if the IPMI protocol had undergone a serious security review or if the developers of modern BMCs had spent a little more effort in hardening their products and giving their customers the tools to secure their servers," Farmer said. "At this point, it is far too late to effect meaningful change. The sheer number of servers that include a vulnerable BMC will guarantee that IPMI vulnerabilities and insecure configurations will continue to be a problem for years to come."