AFP548

security issue regarding remote access to LOM via ipmitool 1.8.7

I'm responsible for administering several Intel Xserves and, like many of you, I tend to handle our business via the command line. We use the open source version of ipmitool (1.8.7) running on Red Hat Enterprise 4 to access LOMs. Right now I'm rather worried about Apple's IPMI implementation on the Xserves because after having set the LOM account name and password via the Server Monitor GUI, I can successfully run IPMI commands remotely from my Red Hat system using the open source ipmitool with supplying the correct password. "ipmitool -H -I lan -U " will prompt me for a password but I can then enter ANYTHING and the command will run OK. Of course, running Apple's ipmitool command from a remote Xserve handles the authentication correctly and requires the right password to run commands. This is a serious problem. Is anyone able to recreate it? BTW, how can I reset the LOM back to factory settings?

------ Yemi