Bugtraq mailing list archives

SecurID White Paper


From: peiterz () secnet com (Peiter Z)
Date: Wed, 4 Sep 1996 11:37:42 -0600


                SecurID Vulnerabilities White-Paper

Due to increased recent interest that has been witnessed on the net
about the SecurID token cards and potential vulnerabilities with their
use, we offer a white paper on some of the vulnerabilities that we believe
have been witnessed and/or speculated upon.

This paper is being put forth into the public domain by Secure Networks
Incorporated and is available at the following URL:
ftp://ftp.secnet.com/pub/papers/securid.ps

Topics dealt with in the paper include:

 . Race attacks based upon fixed length responses (still valid even with
      the current patch)
 . Denial of Service attacks based upon server patches
 . Server - Slave separation and replay attacks
 . Vulnerabilities in the communications with the ACE Server
 . A quick analysis of the communications with the ACE Server
 . Problems with out-of-band authentication

We hope this paper provides insight and enlightenment, and is helpful
to the security community in general.

thanks and enjoy,

Secure Networks Inc.


