Dailydave mailing list archives
Great bugs!
From: dave <dave () immunityinc com>
Date: Wed, 17 Feb 2010 16:00:46 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lately Immunity's been owning a lot of VPNs during consulting gigs. People never seem to test them, after all, they're security products! :> Whoever found THIS bug on the other hand, gets remote access into a lot of interesting boxes, I'm sure. Although they have to be configured for NTLMv1 (if that ever happens?). http://www.cisco.com/warp/public/707/cisco-sa-20100217-asa.shtml NTLMv1 Authentication Bypass Vulnerability Cisco ASA 5500 Series Adaptive Security Appliances contain a vulnerability that could result in authentication bypass when the affected appliance is configured to authenticate users against Microsoft Windows servers using the NTLMv1 protocol. Users can bypass authentication by providing an an invalid, crafted username during an authentication request. Any services that use a AAA server group that is configured to use the NTLMv1 authentication protocol is affected. Affected services include: * Telnet access to the security appliance * SSH access to the security appliance * HTTPS access to the security appliance (including Cisco ASDM access) * Serial console access * Privileged (enable) mode access * Cut-through proxy for network access * VPN access This vulnerability is documented in Cisco bug ID CSCte21953 ( registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2010-0568. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkt8WP0ACgkQtehAhL0ghepTCACcDi4oLNdtN3AsNaW/f3mnPzpY P08AniLdAVAAkhb6lKGSe1aE3bWwk0+x =fDa4 -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Great bugs! dave (Feb 17)
- Re: Great bugs! Richard Miles (Feb 17)
- Re: Great bugs! Jonathan Cran (Feb 17)
- Re: Great bugs! Richard Miles (Feb 17)