Thousands of Supermicro baseboard management controllers (BMCs) continue to spit administrator passwords in cleartext after a patch described as unsuitable was not applied by admins.
Accessing the machines could be dead simple for the tech savvy; vulnerable boxes would pop during a net or Shodan scan for port 49152. Any of the roughly 3296 exposed BMCs could be accessed with the hardware's default password. The world's worst access code – "password" – would grant access to plenty of others.