JVNDB-2009-000079
|
SEIL/B1 authentication issue
|
SEIL/B1 contains an issue in the implementation of the PPP Access Concentrator (PPPAC) function, which may allow replay attacks to be performed during the authentication process.
The PPP Access Concentrator (PPPAC) function within SEIL/B1 contains an issue in the CHAP and MS-CHAP-V2 authentication processes: the same challenge value is repeatedly used for each authentication attempt.
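
Why a repeated challenge matters can be seen in a small model of plain CHAP (RFC 1994), where the response is MD5(identifier || secret || challenge); this is an added example, not SEIL firmware or vendor code, and it does not model MS-CHAP-V2. It compares an authenticator that reuses its challenge with one that draws a fresh challenge per attempt, and includes a check that flags repeated challenge values in observed handshakes. Assumptions: the `Authenticator` class, the identifier held fixed to isolate the challenge, and all sample values are constructed for illustration.

```python
import hashlib, hmac, os
from collections import Counter

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class Authenticator:
    """Hypothetical access-concentrator model (not vendor code)."""
    def __init__(self, secret: bytes, fresh_challenge: bool):
        self.secret = secret
        self.fresh_challenge = fresh_challenge
        self._fixed = os.urandom(16)   # reused when fresh_challenge is False
        self.ident = 1                 # simplification: identifier held fixed
        self.challenge = b""

    def issue(self):
        """Start an authentication attempt and return (identifier, challenge)."""
        self.challenge = os.urandom(16) if self.fresh_challenge else self._fixed
        return self.ident, self.challenge

    def verify(self, response: bytes) -> bool:
        expected = chap_response(self.ident, self.secret, self.challenge)
        return hmac.compare_digest(expected, response)

def old_response_still_valid(auth: Authenticator) -> bool:
    """True if a response from attempt 1 also verifies in attempt 2."""
    ident, challenge = auth.issue()
    first = chap_response(ident, auth.secret, challenge)  # legitimate peer
    if not auth.verify(first):
        raise RuntimeError("legitimate response rejected")
    auth.issue()                                          # second attempt
    return auth.verify(first)

def reused_challenges(observed):
    """Return challenge values seen in more than one attempt."""
    return sorted(c for c, n in Counter(observed).items() if n > 1)

if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    print("fixed challenge:", old_response_still_valid(Authenticator(secret, False)))
    print("fresh challenge:", old_response_still_valid(Authenticator(secret, True)))
    # Constructed challenge values, as might be read from handshake captures.
    print(reused_challenges([b"\x01" * 16, b"\x02" * 16, b"\x01" * 16]))
```
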
|
CVSS V2 Severity: Base Metrics 2.6 (Low) [IPA Score]
- Access Vector: Network
- Access Complexity: High
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
Internet Initiative Japan Inc.
- SEIL/B1 firmware 1.00 through 2.52
|
|
A third party may be able to perform replay attacks. As a result, the third party may gain access to the network.
According to the developer, when L2TP/IPsec is being used, the authentication challenges are protected by the encryption provided by IPsec, and therefore the probability of being affected by this issue is reduced.
|
[Update the Software]
Update to the latest version according to the information provided by the developer.
This vulnerability has been addressed by firmware 2.60 that was released on December 1, 2009.
|
Internet Initiative Japan Inc.
|
- Improper Authentication(CWE-287) [IPA Evaluation]
|
- CVE-2009-4409
|
- JVN : JVN#49602378
- National Vulnerability Database (NVD) : CVE-2009-4409
- Secunia Advisory : SA37628
- SecurityFocus : 37293
- OPEN SOURCE VULNERABILITY DATABASE (OSVDB) : 61118
|
- [2009/12/09]
Web page published
|