Dailydave mailing list archives

Great bugs!


From: dave <dave () immunityinc com>
Date: Wed, 17 Feb 2010 16:00:46 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lately Immunity's been owning a lot of VPNs during consulting gigs.
People never seem to test them, after all, they're security products!
:>

Whoever found THIS bug on the other hand, gets remote access into a lot
of interesting boxes, I'm sure. Although they have to be configured for
NTLMv1 (if that ever happens?).

http://www.cisco.com/warp/public/707/cisco-sa-20100217-asa.shtml


NTLMv1 Authentication Bypass Vulnerability

Cisco ASA 5500 Series Adaptive Security Appliances contain a
vulnerability that could result in authentication bypass when the
affected appliance is configured to authenticate users against Microsoft
Windows servers using the NTLMv1 protocol.

Users can bypass authentication by providing an invalid, crafted
username during an authentication request. Any services that use a AAA
server group that is configured to use the NTLMv1 authentication
protocol are affected. Affected services include:

    * Telnet access to the security appliance
    * SSH access to the security appliance
    * HTTPS access to the security appliance (including Cisco ASDM access)
    * Serial console access
    * Privileged (enable) mode access
    * Cut-through proxy for network access
    * VPN access

This vulnerability is documented in Cisco bug ID CSCte21953 (registered
customers only) and has been assigned Common Vulnerabilities and
Exposures (CVE) ID CVE-2010-0568.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkt8WP0ACgkQtehAhL0ghepTCACcDi4oLNdtN3AsNaW/f3mnPzpY
P08AniLdAVAAkhb6lKGSe1aE3bWwk0+x
=fDa4
-----END PGP SIGNATURE-----
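
The exposure condition quoted above (an AAA server group set to NTLMv1, referenced by one of the listed services) can be checked against a saved running-config. The following is an added example, not part of the original post or the Cisco advisory; it assumes the usual ASA syntax in which `aaa-server <group> protocol nt` defines an NT-domain (NTLMv1) group, and the sample configuration, group names and addresses are constructed.

```python
import re

# Constructed sample configuration (not taken from any real device).
SAMPLE_CONFIG = """\
aaa-server CORP_NT protocol nt
aaa-server CORP_NT (inside) host 192.0.2.10
aaa-server CORP_RAD protocol radius
aaa-server CORP_RAD (inside) host 192.0.2.20
aaa authentication ssh console CORP_NT LOCAL
aaa authentication http console CORP_RAD LOCAL
aaa authentication enable console CORP_NT LOCAL
aaa authentication match AUTH_ACL inside CORP_NT
tunnel-group RA_VPN general-attributes
 authentication-server-group CORP_NT
"""

# Assumed configuration forms for the services the advisory lists.
NT_GROUP = re.compile(r"^aaa-server (\S+) protocol nt\s*$")
CONSOLE = re.compile(r"^aaa authentication (telnet|ssh|http|serial|enable) console (\S+)")
MATCH = re.compile(r"^aaa authentication match \S+ \S+ (\S+)")
TUNNEL = re.compile(r"^tunnel-group (\S+) general-attributes")
VPN_AUTH = re.compile(r"^\s+authentication-server-group (?:\(\S+\) )?(\S+)")


def audit(config):
    """Return {nt_group: [services referencing it]} for 'protocol nt' groups."""
    lines = config.splitlines()
    groups = {m.group(1): [] for m in map(NT_GROUP.match, lines) if m}
    tunnel = None  # tunnel-group whose sub-commands are being read
    for line in lines:
        if not line.startswith(" "):  # a top-level line ends any sub-mode
            t = TUNNEL.match(line)
            tunnel = t.group(1) if t else None
        if (m := CONSOLE.match(line)) and m.group(2) in groups:
            groups[m.group(2)].append(f"{m.group(1)} console")
        elif (m := MATCH.match(line)) and m.group(1) in groups:
            groups[m.group(1)].append("cut-through proxy")
        elif tunnel and (m := VPN_AUTH.match(line)) and m.group(1) in groups:
            groups[m.group(1)].append(f"VPN tunnel-group {tunnel}")
    return groups


if __name__ == "__main__":
    for group, services in audit(SAMPLE_CONFIG).items():
        print(f"{group} (protocol nt): {', '.join(services) or 'not referenced'}")
```

An empty result means no group in the file uses `protocol nt`; a group listed with no services is defined but not referenced by any of the forms the script recognises.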