SecurityTracker.com
Category:   Application (Security)  >   Juniper NSM
Vendors:   NetScreen
NetScreen-Security Manager Default Configuration Discloses Information Via Clear Text Communications
SecurityTracker Alert ID:  1008769
SecurityTracker URL:  http://securitytracker.com/id/1008769
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jan 19 2004
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 2004
Description:   A vulnerability was reported in NetScreen-Security Manager when communicating with ScreenOS 5.0 devices. The default configuration uses clear text communications.

It is reported that the default configuration does not automatically enable encryption of communications between the Device Server component of the NetScreen-Security Manager application and the NetScreen appliances and systems that are running ScreenOS 5.0.

A user monitoring the communications can reportedly intercept configuration data and other information.

Impact:   A remote user monitoring the network between the NetScreen-Security Manager and managed ScreenOS 5.0 devices can obtain configuration data and other information.
Solution:   NetScreen reports that you can use either of the following options to enable 128-bit AES encryption between the NetScreen-Security Manager and devices running ScreenOS 5.0 [quoted]:

"(1) Add the following line in the devSvr.cfg file located in the /usr/netscreen/DevSvr/var/ folder, then restart DevSvr services:

devSvrManager.cryptoKeyLength 128

(2) As root, run the script 'addCryptoParam.sh', which is available on the NetScreen-Security Manager downloads page at www.netscreen.com/cso, then restart DevSvr services."

The vendor reports that NetScreen-Security Manager 2004 Feature Pack 1 will include a fix.
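
An audit check for option (1), added here as an example and not part of the vendor's advisory or its 'addCryptoParam.sh' script. It assumes devSvr.cfg holds one whitespace-separated "key value" pair per line, as the quoted line suggests; the function name check_crypto_cfg is hypothetical.

```shell
#!/bin/sh
# Added example: verify that devSvr.cfg carries the setting quoted in the
# advisory, "devSvrManager.cryptoKeyLength 128".
# Assumption: one whitespace-separated "key value" pair per line.
# Usage: check_crypto_cfg [path-to-devSvr.cfg]

CFG_DEFAULT=/usr/netscreen/DevSvr/var/devSvr.cfg
KEY=devSvrManager.cryptoKeyLength
WANT=128

# Prints a one-line verdict and returns:
#   0 = key present and every occurrence is set to 128
#   1 = key absent (the clear-text default described in the advisory)
#   2 = key present with a different, empty or conflicting value
#   3 = file cannot be read
check_crypto_cfg() {
    cfg=${1:-$CFG_DEFAULT}
    if [ ! -r "$cfg" ]; then
        echo "UNKNOWN: cannot read $cfg"
        return 3
    fi
    # Collect the distinct values given for the key. CRs are stripped so a
    # file edited on Windows still matches; awk ignores leading blanks.
    values=$(tr -d '\r' < "$cfg" |
        awk -v k="$KEY" '$1 == k { print (NF >= 2 ? $2 : "<empty>") }' |
        sort -u)
    if [ -z "$values" ]; then
        echo "FAIL: $KEY is not set in $cfg"
        return 1
    fi
    if [ "$values" = "$WANT" ]; then
        echo "OK: $KEY $WANT"
        return 0
    fi
    # More than one distinct value, or a single value other than 128.
    echo "FAIL: $KEY has unexpected value(s): $(printf '%s' "$values" | tr '\n' ' ')"
    return 2
}
```

The check only inspects the file; per the vendor text the setting applies after DevSvr services are restarted, which this function does not verify.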

Vendor URL:  www.netscreen.com/services/security/alerts/1_19_04_58290.jsp
Cause:   Configuration error
Underlying OS:  Windows (NT), Windows (2000), Windows (XP)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Copyright 2019, SecurityGlobal.net LLC