[3328] in bugtraq
SecurID White Paper
daemon@ATHENA.MIT.EDU (Peiter Z)
Tue Sep 3 21:10:22 1996
Date: Wed, 4 Sep 1996 11:37:42 -0600
Reply-To: Peiter Z <peiterz@secnet.com>
From: Peiter Z <peiterz@secnet.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
SecurID Vulnerabilities White-Paper
Due to increased recent interest that has been witnessed on the net
about the SecurID token cards and potential vulnerabilities with their
use, we offer a white paper on some of the vulnerabilities that we believe
have been witnessed and/or speculated upon.
This paper is being put forth into the public domain by Secure Networks
Incorporated and is available at the following URL:
ftp://ftp.secnet.com/pub/papers/securid.ps
Topics dealt with in the paper include:
. Race attacks based upon fixed length responses (still valid even with
  the current patch)
. Denial of Service attacks based upon server patches
. Server - Slave separation and replay attacks
. Vulnerabilities in the communications with the ACE Server
. A quick analysis of the communications with the ACE Server
. Problems with out-of-band authentication
We hope this paper provides insight, enlightenment, and is helpful
to the security community in general.
thanks and enjoy,
Secure Networks Inc.