[7767] in bugtraq
Re: Security Hole in Axent ESM
daemon@ATHENA.MIT.EDU (Dr. Mudge)
Thu Aug 27 10:47:09 1998
Date: Thu, 27 Aug 1998 10:27:53 -0500
Reply-To: "Dr. Mudge" <mudge@L0PHT.COM>
From: "Dr. Mudge" <mudge@L0PHT.COM>
To: BUGTRAQ@NETSPACE.ORG
>I talked with our Axent contact and he claimed that their file integrity
>validation could not be compromised by a hacker because Axent has
>security experts that designed ESM.
These are probably the same 'experts' that decided in 4.4 that XOR was a
strong cryptographic method of protecting the communications back to the
server from the remote clients. Apparently they changed this in 4.5 but
probably only after someone called their 'security experts' on it.
.mudge
