Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: RSA SecurID sdconf.rec file
From: "Kelly Keeton" <kellyrkeeton () gmail com>
Date: Mon, 28 Jul 2008 10:26:43 -0700

you want to use your RSA server to change information in it. its no
good if you hack it up as there is verification on the file integrity.
you are correct you need to use the admin console to edit it. there is
no reason to change it out of the admin interface as your admin
interface needs to know of the host record for the client wanting to
auth against the server. so you would only get one way communication
with hacking the file.. other then just pentesting the new 7.1 there
isnt any "working server" that you get from this. I would suggest that
you call support and see if there is any tool that you can use for
your testing. (this was all changed in 6.0 as you stated)

On Tue, Jul 22, 2008 at 2:00 AM, Littlebighuman
<littlebighuman () gmail com> wrote:
Hi,

I'm looking for any information on the RSA sdconf.rec file. What kind of
encryption (if any) is used etc.

Secondary I would like a way to edit it, change IP-addresses for example. I
think  In 5.x versions of SecurID there was a utility included with the
server which you could use for that. Later in 6.x you could only do it
through the admin interface. The server I'm working on now is a 7.1, which
doesn't have it.

Does anyone have any experience with this file?

I did find a Perl extension for SecurID, but it seems very old (I'm
currently looking into that).

Regards,

Seb

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes inSecuring Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]