Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Device (Embedded Server/Appliance)  >   CryptoStor Vendors:   NeoScale Systems
NeoScale CryptoStor 700 Series Appliance Lets Remote Users Bypass Token-Based Authentication
SecurityTracker Alert ID:  1017396
SecurityTracker URL:
CVE Reference:   CVE-2006-3896   (Links to External Site)
Date:  Dec 19 2006
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): prior to firmware version 2.6
Description:   A vulnerability was reported in CryptoStor 700 series appliances. A remote user can bypass part of the authentication process.

A remote user can bypass the smartcard-based authentication. This authentication is performed by a CryptoStor ActiveX component, which can be disabled by the remote user. If ActiveX is disabled on the remote user's system, the appliance does not require the smartcard-based authentication.

The username and password based authentication is still required.

US-CERT reported this vulnerability.

Impact:   A remote user can bypass part of the authentication process.
Solution:   The vendor has issued a firmware fix (version 2.6) for the CryptoStor Tape 700 Series devices.
Vendor URL: (Links to External Site)
Cause:   Authentication error

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, LLC