https://binreaper.pages.dev/tags/intel/ Recent content in Intel on binreaper Hugo en-us Wed, 27 May 2026 00:00:00 +0000 https://binreaper.pages.dev/posts/2026-05-27-bmcweb-disclosure/ Wed, 27 May 2026 00:00:00 +0000 https://binreaper.pages.dev/posts/2026-05-27-bmcweb-disclosure/ <h2 id="tldr">TL;DR</h2> <p>In February 2026 I audited bmcweb — the OpenBMC web server that runs on most modern BMCs from Intel, IBM, HPE, and NVIDIA. The audit produced four reportable findings: three pre-auth denial-of-service primitives on the HTTP path, and one mTLS authentication bypass. All four were disclosed privately to <code>openbmc-security@lists.ozlabs.org</code> on 2026-02-23. Joseph Reynolds (IBM, openbmc-security responder) responded the same day, indicating that &ldquo;90 days is consistent with project timelines&rdquo; but proposing to defer setting a fixed disclosure date until &ldquo;BMCWeb developers come up with a fix and let affected members ask if they need more time.&rdquo;</p>