CVE-2009-4409

Sažetak

The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack.

Reference

http://jvn.jp/en/jp/JVN49602378/index.html
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000079.html
http://secunia.com/advisories/37628
http://www.osvdb.org/61118
http://www.securityfocus.com/bid/37293
http://www.seil.jp/seilseries/security/2009/a00697.php

CVSS

Base:	2.6
Impact:	2.9
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:H/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

06-01-2010 - 05:00

Objavljeno

23-12-2009 - 21:30