Bugtraq mailing list archives
Re: [Full-disclosure] Re: RSA SecurID SID800 Token vulnerable by design
From: "Brian Eaton" <eaton.lists () gmail com>
Date: Sat, 9 Sep 2006 10:12:31 -0400
On 9/9/06, 3APA3A <3APA3A () security nnov ru> wrote:
The only additional attack factor this issue creates is attacker can get _physical_ access to console with user's credentials _any time_ while user is logged in, while in case token can not be red (e.g. it's not plugged to USB) he can only access console short after user logs in to compromised host (while token is not changed).
For web SSO in particular, accessing the token once is nearly as good as accessing it constantly. The token will be used for the initial authentication, but normally a cookie will be used for session tracking. An attacker who can sniff the token code can certainly steal the cookie as well. Two-factor auth cannot be said to make accessing the network from a compromised PC "safe". That does not make two-factor auth useless. With plain passwords, once the attacker has the password, they can access the network at will. With two-factor auth, they can access the network for a much more limited time span. Regards, Brian
Current thread:
- RSA SecurID SID800 Token vulnerable by design Hadmut Danisch (Sep 08)
- Re: RSA SecurID SID800 Token vulnerable by design 3APA3A (Sep 09)
- Re: [Full-disclosure] Re: RSA SecurID SID800 Token vulnerable by design Brian Eaton (Sep 09)
- Re[3]: RSA SecurID SID800 Token vulnerable by design 3APA3A (Sep 11)
- Re: Re[3]: RSA SecurID SID800 Token vulnerable by design Brian Eaton (Sep 11)
- Re[5]: RSA SecurID SID800 Token vulnerable by design 3APA3A (Sep 11)
- Re: [Full-disclosure] Re: RSA SecurID SID800 Token vulnerable by design Brian Eaton (Sep 09)
- Re: RSA SecurID SID800 Token vulnerable by design 3APA3A (Sep 09)
- Re: RSA SecurID SID800 Token vulnerable by design Bojan Zdrnja (Sep 11)
- Re[2]: RSA SecurID SID800 Token vulnerable by design 3APA3A (Sep 11)
- RE: [Full-disclosure] Re: RSA SecurID SID800 Token vulnerable by design Lyal Collins (Sep 11)
- Re: [Full-disclosure] Re: RSA SecurID SID800 Token vulnerable by design Brian Eaton (Sep 11)
- <Possible follow-ups>
- Re: RSA SecurID SID800 Token vulnerable by design vin (Sep 15)