On ThinkServer RD530 and RD560 servers manufactured before August 17, 2012, the TMM is preconfigured with default user credentials which are hidden from the TMM user list in the User Interface. Because the account is hidden, administrators cannot change the default User Name or Password from within the TMM User Interface. If your module is connected to the network and the IP address has been configured, an unauthorized user could gain access to your TMM via the default User Name and Password.
After updating to Baseboard Management Controller (BMC), version 1.4, log in to the TMM Web User Interface to change the default User ID and Password.
By default, the TMM’s network configuration is set to “Unspecified”. If this has not been changed, your TMM is not exposed. See the Solution section prior to changing the network configuration.
The above symptom is associated with, but not limited to, the following systems:
An updated TMM firmware is available which will unhide the default account, allowing an administrator to change the account credentials or disable the account entirely. TMM Firmware, version 1.4 or greater, contains this solution. After updating, use the TMM Web User Interface to disable the default User ID and Password.
To download and apply the new firmware, go to the appropriate URL below for your product: