30,000 Servers May Be Exposed To Hackers

June 22, 2014

A vulnerability in the Baseboard Management Controller (BMC) of Supermicro motherboards leaves 30,000 unpatched servers and their passwords available on the open market, according to Cari.net researchers. It seems login passwords are stored in cleartext, and the file containing them is widely available for download to anyone who connects to a specific port. To compromise a vulnerable server, an attacker can scan for the port and download the remote login passwords, which are stored in a binary file at the location “/PSBlock”.