SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   CryptoStor Vendors:   NeoScale Systems
NeoScale CryptoStor 700 Series Appliance Lets Remote Users Bypass Token-Based Authentication
SecurityTracker Alert ID:  1017396
SecurityTracker URL:  http://securitytracker.com/id/1017396
CVE Reference:   CVE-2006-3896   (Links to External Site)
Date:  Dec 19 2006
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): prior to firmware version 2.6
Description:   A vulnerability was reported in CryptoStor 700 series appliances. A remote user can bypass part of the authentication process.

A remote user can bypass the smartcard-based authentication. This authentication is performed by a CryptoStor ActiveX component, which can be disabled by the remote user. If ActiveX is disabled on the remote user's system, the appliance does not require the smartcard-based authentication.

The username and password based authentication is still required.

US-CERT reported this vulnerability.

Impact:   A remote user can bypass part of the authentication process.
Solution:   The vendor has issued a firmware fix (version 2.6) for the CryptoStor Tape 700 Series devices.
Vendor URL:  www.neoscale.com/English/Products/CryptoStor.html (Links to External Site)
Cause:   Authentication error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC