77 matches found
JVN#49602378 SEIL/B1 authentication issue
The PPP Access Concentrator PPPAC function within SEIL/B1 contains an issue in the CHAP and MS-CHAP-V2 authentication processes, the same challenge value is repeatedly used for each authentication attempt. Impact A third party may be able to perform replay attacks. As a result, the third party ma...
Microsoft Windows IAS Remote Code Execution Vulnerability (974318)
This host is missing a critical security update according to Microsoft Bulletin MS09-071. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft Internet Authentication Service MS-CHAP Security Bypass (MS09-071; CVE-2009-3677)
An elevation of privilege vulnerability has been reported in the Internet Authentication Service. Internet Authentication Service IAS is the Microsoft implementation of a Remote Authentication Dial-in User Service RADIUS server and proxy. As a RADIUS server, IAS performs centralized connection...
Wireshark CHAP dissector crash
The Check Point High-Availability Protocol CPHAP dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service crash via a crafted FWHAMYSTATE packet...
asleap - offline LEAP authentication hacking
MS-CHAP NTLM vulnerability allows offline passwords attacks...
Mac OS X pppd format string vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Mac OS X pppd format string vulnerability Release Date: 02/23/2004 Application: pppd 2.4.0 Platform: Mac OS X 10.3.2 and below Severity: Local users are able to retrieve PAP/CHAP credential...
CVE-2002-0849
Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta 1, which could allow local users to gain privileges by reading the cleartext CHAP password...
CVE-2002-0849
CVE-2002-0849 : The Linux-iSCSI implementation installs the iscsi.conf file with world-readable permissions on some OSes (e.g., Red Hat Linux Limbo Beta #1), which could allow local users to gain privileges by reading the cleartext CHAP password. Root cause: file permissions on iscsi.conf. Impact...
CVE-2002-0849
Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta 1, which could allow local users to gain privileges by reading the cleartext CHAP password...
iDEFENSE Security Advisory: iSCSI Default Configuration File Settings
iDEFENSE Security Advisory 08.08.2002 iSCSI Default Configuration File Settings DESCRIPTION iSCSI is a popular new protocol that allows the SCSI protocol to be used over traditional IP networks. This allows for SAN like storage arrays without requiring new network infrastructure. iSCSI’s primary...
more RADIUS authentication attack scenarios
Hello bugtraq, There is also problem with some vendor-specific RADIUS authentication implementation. For example Microsoft has it's specific attributes defined in RFC 2548. These attributes allow MS-CHAP and MS-CHAPv2 authentication via RADIUS. There is design flow in this authentication scenario...
Дырка в Tigris
Если клиент первый раз указывает неправильный пароль при CHAP/PAP-авторизации, то не создается аккаунтинговой записи в RADIUS...
CVE-1999-0160
Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections...
CVE-1999-0160
CVE-1999-0160 affects classic Cisco IOS devices and involves a vulnerability in PPP CHAP authentication that can allow establishing unauthorized PPP connections. The described issue targets PPP CHAP authentication in Cisco IOS software (not necessarily all platforms) and is noted in several sourc...
pptp.revisited.txt
Date: Sat, 13 Feb 1999 11:28:40 -0800 From: [email protected] To: [email protected] Subject: PPTP Revisited The following text is in the "iso-8859-1" character set. Your display is set for the "US-ASCII" character set. Some characters may be displayed incorrectly. Lots of people have aske...
Cisco CHAP Authentication Vulnerabilities
...
CVE-1999-0160
Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections...