Home page logo
/

bugtraq logo Bugtraq mailing list archives

SecurID White Paper
From: peiterz () secnet com (Peiter Z)
Date: Wed, 4 Sep 1996 11:37:42 -0600


                SecurID Vulnerabilities White-Paper

Due to increased recent interest that has been witnessed on the net
about the SecurID token cards and potential vulnerabilities with their
use, we offer a white paper on some of the vulnerabilities that we believe
have been witnessed and/or speculated upon.

This paper is being put forth into the public domain by Secure Networks
Incorporated and is available at the following URL :
ftp://ftp.secnet.com/pub/papers/securid.ps

Topics dealt with in the paper include:

 . Race attacks based upon fixed length responses (still valid even with
      the current patch)
 . Denial of Service attacks based upon server patches
 . Server - Slave separation and replay attacks
 . Vulnerabilities in the communications with the ACE Server
 . A quick analysis of the communications with the ACE Server
 . Problems with out-of-band authentication

We hope this paper provides insight, enlightenment, and is helpful
to the security community in general.

thanks and enjoy,

Secure Networks Inc.



  By Date           By Thread  

Current thread:
  • SecurID White Paper Peiter Z (Sep 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]