On July 2, 2013 Rapid 7 published a guide to security penetration testing of the latest IPMI 2.0 protocol and implementations by various vendors.
Vendors have provided patches that remediate most of the vulnerabilities, but the “IPMI 2.0 RAKP Authentication Remote Password Hash Retrieval” vulnerability has not yet been addressed. This arises from the difficulty that the IPMI 2.0 specification is flawed in that it reveals the password hash and salt to anonymous remote clients. This allows for offline brute force attacks. Complete remediation will require a change to the IPMI specification.