Penetration Testing mailing list archives
Re: Netscreen ssh v.1 vulnerable??
From: Vladimir Parkhaev <vladimir () NoSPAMPLZ arobas net>
Date: Fri, 24 May 2002 21:00:52 -0400
Quoting Brian G. Kirsch (bkirsch () olosec com):
In testing a Netscreen 5, I noticed that ssh v.1 compatibility is enabled for remote management. The question is, is Netscreen vulnerable to the various ssh v.1 vulnerabilities -- specifically the SSH1 CRC-32 compensation attack detector vulnerability? Thanks.
According to Netscreen it is not. At least that what they said when that CRC-32 compensation thing first came out... I am sure you can find it somewhere on www.netscreen.com If 'manage ssh' is enabled on the untrusted interface you can try password guessing... Defaults are netscreen/netscreen :) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Netscreen ssh v.1 vulnerable?? Brian G. Kirsch (May 24)
- Re: Netscreen ssh v.1 vulnerable?? Vladimir Parkhaev (May 25)