Vulnerability Development mailing list archives
Re: DOCSIS vulnerability
From: Siegfried Loeffler <siegfried.loeffler () gmx net>
Date: 20 Mar 2002 16:09:47 -0000
In-Reply-To: <Pine.LNX.4.43.0203120939090.9902-200000 () mail securityfocus com>

I think the analysis of this security issue has to be done in more detail. The DOCSIS standard and most equipment seem to implement a method for authenticating configuration files.

It is true that the configuration file utility mentioned (http://docsis.sourceforge.net) does allow creating new configuration files. HOWEVER, if the operator has activated security there is a verification of an HMAC-MD5 digest (see DOCSIS spec SP-RFIv1.1-I08-020301) of the cable modem configuration file performed by the CMTS. The security hole described is thus in my opinion only applicable if security is switched off.

However, there is a security issue nevertheless: It seems to me that using MD5-HMAC is not "unbreakable" with reasonable CPU power. Could somebody comment on the approximate time required with a "modern" PC to break this?
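The check described in the message above, sketched as an added example (not part of the original post and not code from the DOCSIS spec or the docsis utility): a CMTS-side verifier that rejects an edited configuration file unless no shared secret is configured. The TLV type numbers, the sample settings and the rule that the MIC covers every byte before the MIC TLV are simplifying assumptions of this sketch; the specification defines the exact fields covered.

```python
import hashlib
import hmac

MIC_TYPE = 7    # TLV type carrying the keyed digest (assumption of this sketch)
END_TYPE = 255  # end-of-data marker (assumption of this sketch)

def tlv(t, value):
    """Encode one TLV with a one-byte type and a one-byte length."""
    return bytes([t, len(value)]) + value

def parse_tlvs(blob):
    """Yield (type, value, offset) per TLV; raise ValueError if truncated."""
    i = 0
    while i < len(blob) and blob[i] != END_TYPE:
        if i + 2 > len(blob) or i + 2 + blob[i + 1] > len(blob):
            raise ValueError("truncated TLV")
        n = blob[i + 1]
        yield blob[i], blob[i + 2:i + 2 + n], i
        i += 2 + n

def sign_config(settings, secret):
    """Operator side: append HMAC-MD5 over the settings, then the end marker."""
    mic = hmac.new(secret, settings, hashlib.md5).digest()
    return settings + tlv(MIC_TYPE, mic) + bytes([END_TYPE])

def cmts_accepts(blob, secret):
    """CMTS side: True if the file passes the keyed-digest check."""
    if secret is None:
        return True  # security switched off: nothing is verified
    try:
        for t, value, off in parse_tlvs(blob):
            if t == MIC_TYPE:
                expected = hmac.new(secret, blob[:off], hashlib.md5).digest()
                return hmac.compare_digest(value, expected)
    except ValueError:
        return False  # malformed file
    return False      # no MIC present

# Constructed sample data: two opaque settings and a made-up shared secret.
SECRET = b"constructed-shared-secret"
SETTINGS = tlv(100, b"\x01") + tlv(101, b"\x00\x10\x00\x00")
GOOD = sign_config(SETTINGS, SECRET)
TAMPERED = bytearray(GOOD)
TAMPERED[2] ^= 0xFF  # edit one settings byte, keep the old digest
TAMPERED = bytes(TAMPERED)

if __name__ == "__main__":
    for name, blob in (("good", GOOD), ("tampered", TAMPERED)):
        print(name, "secret set:", cmts_accepts(blob, SECRET),
              "| secret unset:", cmts_accepts(blob, None))
```

With a secret configured the edited file is rejected; with none configured every file is accepted, which is the "security is switched off" case the message refers to.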