Darren Rainey
------------------------------------------------------------
Earlier this year a bug was found in Intel Active Management Technology, or Intel AMT for short. The exploit was disclosed to Intel and a patch/update was made available; however, many people may not update their firmware to fix it, because this is an out-of-band exploit, which means that the exploit is in the hardware, outside of the operating system's control and "vision".
So this is roughly what the code looks like (the code was reverse-engineered but is accurate enough for explanation):
    if(strncmp(computed_response, user_response, response_length))
        deny_access();
If you are familiar with the C language, you can see that this function compares user_response against computed_response, but only over response_length bytes, and that length is taken from what the user sent. So if you sent "hello" it would compare 5 characters. However, the attack works by sending no password or hash to compare, so rather than checking that the user input is valid, the function compares 0 bytes because no input was sent. strncmp reports a match (returns 0) when asked to compare 0 bytes, so deny_access() is never called. There are various ways that this could have been prevented in the code, such as checking that there were more than 0 bytes of data to check against.
So in summary, the Intel AMT firmware doesn't check that the user input makes sense, and if you send no data it will log you in rather than giving you an access denied message.
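The check described above next to a hardened version, as an added example that is not from the original post or from Intel's firmware. The function names, the sample digest value and the shape of the fix are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern from the snippet above: the comparison length comes
 * from the caller-supplied response, so a length of 0 compares nothing
 * and strncmp() returns 0 ("equal"). Returns 1 when access is granted. */
int check_vulnerable(const char *computed, const char *user, size_t user_len)
{
    if (strncmp(computed, user, user_len))
        return 0;               /* deny_access() */
    return 1;
}

/* Hardened form (an assumption, not Intel's actual patch): the length is
 * fixed by the server-side value, the response must be exactly that
 * long, and the compare does not stop at the first mismatch. */
int check_fixed(const char *computed, const char *user, size_t user_len)
{
    size_t expected_len = strlen(computed);
    unsigned char diff = 0;

    if (expected_len == 0 || user_len != expected_len)
        return 0;
    for (size_t i = 0; i < expected_len; i++)
        diff |= (unsigned char)(computed[i] ^ user[i]);
    return diff == 0;
}

int main(void)
{
    /* Constructed sample value, not a real AMT digest. */
    const char *computed = "6629fae49393a05397450978507c4ef1";
    const struct { const char *name, *resp; } cases[] = {
        { "correct response", computed },
        { "wrong response",   "00000000000000000000000000000000" },
        { "empty response",   "" },
    };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        size_t n = strlen(cases[i].resp);
        printf("%-17s vulnerable=%d fixed=%d\n", cases[i].name,
               check_vulnerable(computed, cases[i].resp, n),
               check_fixed(computed, cases[i].resp, n));
    }
    return 0;
}
```

Only the empty-response row differs between the two columns: the vulnerable check grants access, the hardened one denies it.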