JVN#49602378
SEIL/B1 authentication issue
Overview
SEIL/B1 contains an issue in the implementation of the PPP Access Concentrator (PPPAC) function, which may allow replay attacks to be performed during the authentication process.
Products Affected
- SEIL/B1 firmware 1.00 through 2.52
Description
The PPP Access Concentrator (PPPAC) function within SEIL/B1 contains an issue in the CHAP and MS-CHAP-V2 authentication processes, the same challenge value is repeatedly used for each authentication attempt.
Impact
A third party may be able to perform replay attacks. As a result, the third party may gain access to the network.
According the developer, when L2TP/IPsec is being used, the authentication challenges are protected by the encryption provided by IPsec, and therefore the probability of being affected by this issue are reduced.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
This vulnerability has been addressed by firmware 2.60 that was released on December 1, 2009.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Internet Initiative Japan Inc. | Vulnerable | 2009/12/09 |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2009.12.09
| Measures | Conditions | Severity |
|---|---|---|
| Access Required | Routed - can be attacked over the Internet using packets |
|
| Authentication | None - anonymous or no authentication (IP addresses do not count) |
|
| User Interaction Required | None - the vulnerability can be exploited without an honest user taking any action |
|
| Exploit Complexity | Low-Medium - some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls) |
|
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE |
CVE-2009-4409 |
| JVN iPedia |
JVNDB-2009-000079 |