RE: Authentication Vulnerability in NetScreen ScreenOS

["Brian Soby" <tmpbox5 () hotmail com>]

> However, after a user is authenticated, anyone else may also access the 
> protected services if they orginate from the same source IP address (NAT'd 
> network). The authentication mechanism is designed to authenticate based on 
> source-ip address only.

Most firewalls track authenticated users based on the client's source IP 
address.  If you need a stronger method, you could always use the Netscreen 
Remote client software and require a secure tunnel from the clients to get 
to your protected resources.

-Brian Soby

_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE* 
http://join.msn.com/?page=features/junkmail