VPN Router Security Issue - Unauthorized Remote Access
Description:

Before taking any action, please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories

Three areas of functionality in the Nortel VPN Router (formerly Contivity) have been discovered to create potential security vulnerabilities. The three potential security vulnerabilities are:

1. Unauthorized Remote Access - There are two users configured on the Nortel VPN Router which do not readily appear to the system manager. These user accounts are stored in the VPN Router default LDAP for the various tunnel types (L2TP, IPSEC, PPTP, L2F). By default these user accounts exist in the LDAP template that is included with all VPN Router software builds starting with 3_60. The accounts are utilized by system diagnostics during a FIPS mode boot-up. The accounts remain in the LDAP even after the boot-up diagnostics are completed.

2. Unauthorized VPN Router Administration Access - The VPN Router utilizes a web-based device administration interface. Most functions are available only after the system administrator is authorized; however, Detack has discovered through careful manipulation of the URL that some of the administrative web pages can be accessed without authorization. Once access has been achieved, it is possible for the attacker to manipulate certain configuration settings on the compromised VPN Router.

3. Shared DES Key - All VPN Routers use the same DES key to encrypt user passwords.

Affected products: Enterprise Data Products VPN Router (formerly known as Contivity) 1000, 2000, 4000, 5000 (all model numbers)

==============
For further information about specific steps mentioned later in this bulletin, including screen-shots, please refer to Appendix A, which is attached.
==============

==============
For more information please contact your next level of support or visit http://www.nortel.com/contact for support numbers within your re

Type: Security Advisories
Number: 2007007918, Rev 1
Status: Retired
Date: 2007-12-10