SecurID Vulnerabilities White-Paper
Due to increased recent interest that has been witnessed on the net
about the SecurID token cards and potential vulnerabilities with their
use, we offer a white paper on some of the vulnerabilities that we believe
have been witnessed and/or speculated upon.
This paper is being put forth into the public domain by Secure Networks
Incorporated and is available at the following URL :
Topics dealt with in the paper include:
. Race attacks based upon fixed length responses (still valid even with
the current patch)
. Denial of Service attacks based upon server patches
. Server - Slave separation and replay attacks
. Vulnerabilities in the communications with the ACE Server
. A quick analysis of the communications with the ACE Server
. Problems with out-of-band authentication
We hope this paper provides insight, enlightenment, and is helpful
to the security community in general.
thanks and enjoy,
Secure Networks Inc.