"ET POLICY Possible IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval RAKP message 1 with default BMC usernames (Admin|root|Administrator|USERID)"

SID: 2017120

Revision: 2

Class Type: protocol-command-decode

Metadata: created_at 2013_07_09, updated_at 2014_12_05

Reference:

Protocol: udp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HOME_NET

Destination Port: 623

Flow:

Contents:

  • Value: "|06 12|" Depth: 2 Offset: 4

Within:

PCRE: "/((\x0d|\x05)Admin(istrator)?|\x04root|\x06USERID)/Ri"

Special Options:
