Firewalls: SecurID White Paper

Firewalls
(September 1996)

Indexed By Thread: [Previous] [Next]

Subject:	SecurID White Paper
From:	Peiter Z <peiterz @ secnet . com>
Date:	Wed, 4 Sep 1996 11:38:40 -0600 (MDT)
To:	firewalls @ greatcircle . com

                SecurID Vulnerabilities White-Paper
 
Due to increased recent interest that has been witnessed on the net
about the SecurID token cards and potential vulnerabilities with their 
use, we offer a white paper on some of the vulnerabilities that we believe 
have been witnessed and/or speculated upon.
 
This paper is being put forth into the public domain by Secure Networks
Incorporated and is available at the following URL :
ftp://ftp.secnet.com/pub/papers/securid.ps
 
Topics dealt with in the paper include:
 
 . Race attacks based upon fixed length responses (still valid even with
      the current patch)
 . Denial of Service attacks based upon server patches
 . Server - Slave separation and replay attacks
 . Vulnerabilities in the communications with the ACE Server
 . A quick analysis of the communications with the ACE Server
 . Problems with out-of-band authentication 
  
We hope this paper provides insight, enlightenment, and is helpful
to the security community in general.
 
thanks and enjoy,
 
Secure Networks Inc.

Follow-Ups:

Re: SecurID White Paper
From: lists @ lina . inka . de (Bernd Eckenfels)

Indexed By Date	Previous:	Re: C2 certified OS that can run a firewall From: Robert Hanson <roberth @ cet . com>
Indexed By Date	Next:	Re: SecurID White Paper From: lists @ lina . inka . de (Bernd Eckenfels)
Indexed By Thread	Previous:	[no subject] From: Ben @ explorateur . quaternet . fr
Indexed By Thread	Next:	Re: SecurID White Paper From: lists @ lina . inka . de (Bernd Eckenfels)