Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[NT] Sygate Secure Enterprise Replay Attack

from [SecuriTeam] Network Security [Permanent Link]
Subject: [NT] Sygate Secure Enterprise Replay Attack
Date: 11 Aug 2004 17:37:37 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Sygate Secure Enterprise Replay Attack
------------------------------------------------------------------------


SUMMARY

The  <http://www.sygate.com/products/enterprise_policy_management.htm> 
Sygate Secure Enterprise (SSE) provides "the necessary features required 
to scale policy management across the world's largest enterprises, driving 
individual and appropriate policies for up to hundreds of thousands of 
users". Part of this functionality is providing centralized logging 
functionality to both the Sygate Enforcer and Sygate Security Agent (SSA) 
products.

In practice, the SSE uses HTTP to communicate with the SSA clients. These 
exchanges do not implement any form of replay protection, so an attacker 
can simply send repeated requests until all the resources on the host are 
exhausted.

DETAILS

Vulnerable Systems:
 * Sygate Secure Enterprise versions prior to 3.5MR3

The SSE product communicates with valid SSA clients via the HTTP protocol. 
These exchanges include a number of fields that are encrypted using a 
static key (that is common across all SSA clients). Some of these fields 
uniquely identify the SSA client instance, and others contain the actual 
data payload, such as log entries for centralized storage, or 
authentication sequences.

As the key used to encrypt the data never changes, and the fields include 
no replay protection, all an attacker need do is to capture a valid 
protocol session, then replay it against the server repeatedly until the 
server exhausts all its resources.

CVE Information:
 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0163> 
CAN-2004-0163


ADDITIONAL INFORMATION

The information has been provided by  <mailto:martin.oneal@corsaire.com> 
Martin O'Neal.
The original article can be found at:  
<http://www.corsaire.com/advisories/c031120-002.txt> 
http://www.corsaire.com/advisories/c031120-002.txt



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [NT] Sygate Secure Enterprise Replay Attack, SecuriTeam <=
Previous by Date:  [NT] WIDCOMM Bluetooth Connectivity Software Buffer Overflows, SecuriTeam
Next by Date:  [UNIX] Moodle Cross Site Scripting Vulnerability (post.php), SecuriTeam
Previous by Thread:  [NT] WIDCOMM Bluetooth Connectivity Software Buffer Overflows, SecuriTeam
Next by Thread:  [UNIX] Moodle Cross Site Scripting Vulnerability (post.php), SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]