On Mai 1, 2017 Intel disclosed the AMT vulnerability (INTEL-SA-00075), without publishing details. Security Researcher from Tenable has analyzed this vulnerability.
Intel’s Management Engine (ME) and also Intel AMT is available with many vPro processors. These Intel technologies are vulnerable. The AMT set up requires a password before it could be remotely accessed over a Web browser interface.
During analysis, Tenable found out that the HTTP Digest authentication method, used to access the web interface, was vulnerable. The team found an authentication bypass vulnerability. They was able to send any text or even a null string, the authentication mechanism was bypassed. This allows attackers remotely access the AMT web interface. They need only the user account name, which is ‘admin’ in many cases.
Tenable Network Security has published a blog post, explaining, that the cryptographic hash that the interface’s digest access authentication requires to verify someone is authorized to log in can be anything at all, including no string at all. Arstechnica has also an article discussing this issue.