NeoScale CryptoStor 700 Series Appliance Lets Remote Users Bypass Token-Based Authentication
SecurityTracker Alert ID: 1017396
SecurityTracker URL: http://securitytracker.com/id?1017396
CVE Reference: CVE-2006-3896
Date: Dec 19 2006
Impact: Host/resource access via network
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
Version(s): prior to firmware version 2.6
Description: A vulnerability was reported in CryptoStor 700 series appliances. A remote user can bypass part of the authentication process.
The smartcard-based authentication is performed by a CryptoStor ActiveX component that runs on the remote user's system, and the remote user can disable it. If ActiveX is disabled on the remote user's system, the appliance does not require the smartcard-based authentication.
The username- and password-based authentication is still required.
US-CERT reported this vulnerability.
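The fail-open pattern described above, next to a fail-closed correction, as an added example (not NeoScale code and not part of the original advisory). All function names, the sample credential and the HMAC challenge-response standing in for the smartcard are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data (hypothetical; not taken from the appliance).
USERS = {"admin": "correct horse"}
TOKEN_KEYS = {"admin": b"constructed-token-key"}


def token_response(key: bytes, challenge: bytes) -> str:
    """Stand-in for the smartcard: the answer a genuine token gives to a challenge."""
    return hmac.new(key, challenge, hashlib.sha256).hexdigest()


def password_ok(user: str, password: str) -> bool:
    expected = USERS.get(user)
    return expected is not None and hmac.compare_digest(
        expected.encode(), password.encode()
    )


def token_ok(user: str, challenge: bytes, response: str) -> bool:
    expected = token_response(TOKEN_KEYS[user], challenge)
    return hmac.compare_digest(expected.encode(), response.encode())


def login_fail_open(user, password, challenge, response=None):
    """Flawed: the token is checked only if the client-side component sent an answer."""
    if not password_ok(user, password):
        return False
    if response is None:
        # Component did not run on the client, so the second factor is skipped.
        return True
    return token_ok(user, challenge, response)


def login_fail_closed(user, password, challenge, response=None):
    """Corrected: the server demands a valid token answer on every login."""
    if not password_ok(user, password):
        return False
    if response is None:
        return False  # a missing second factor is a failed login
    return token_ok(user, challenge, response)
```

The decision to require the second factor is made on the server in the corrected form, so the state of any client-side component cannot change it.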
Impact: A remote user can bypass part of the authentication process.
Solution: The vendor has issued a firmware fix (version 2.6) for the CryptoStor Tape 700 Series devices.
Vendor URL: www.neoscale.com/English/Products/CryptoStor.html
Cause: Authentication error
Message History:
None.
Source Message Contents
Date: Tue, 19 Dec 2006 01:21:12 -0500
Subject: NeoScale Systems CryptoStor 700 series appliances fail to properly perform two-factor authentication
CVE-2006-3896