Some ways to extract or capture an IPMI password from a server

The usual mindset is that only a small group of trusted individuals can ever have the IPMI password for a group. However, there are numerous ways to get an IPMI password; some are targeted attacks, some are opportunistic, but all are effective. With shared password it only takes one compromised server to ruin everyone's day.