Did I understand this correctly, that the only problem was that many users were unaware of the "anonymous" username existence, and left its default password unchanged? Did I understand it correctly, that you do not really need new firmware - you just need to change the default passwords?

If so, then I do not really understand what all this fuss is about. And what does it have to do with West, East, etc.

During your first log-in to the IPMI management web interface, you would immediately see that there are two users. And it is very obvious, that you MUST change both passwords. If you don't do that, then it's not really a "security flaw", it's your own fault. Well, ok, the design is not fool-proof. But that does not make it flawed.