[30536] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

RE: Authentication Vulnerability in NetScreen ScreenOS

daemon@ATHENA.MIT.EDU (Brian Soby)
Thu Jun 26 14:29:22 2003

From: "Brian Soby" <tmpbox5@hotmail.com>
To: bugtraq@securityfocus.com
Date: Thu, 26 Jun 2003 17:37:53 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <Law10-F66lZ5wS9u1yV0002101a@hotmail.com>

>However, after a user is authenticated, anyone else may also access the 
>protected services if they orginate from the same source IP address (NAT'd 
>network). The authentication mechanism is designed to authenticate based on 
>source-ip address only.

Most firewalls track authenticated users based on the client's source IP 
address.  If you need a stronger method, you could always use the Netscreen 
Remote client software and require a secure tunnel from the clients to get 
to your protected resources.

-Brian Soby

_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE* 
http://join.msn.com/?page=features/junkmail


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[30536] in bugtraq

RE: Authentication Vulnerability in NetScreen ScreenOS

daemon@ATHENA.MIT.EDU (Brian Soby)Thu Jun 26 14:29:22 2003

daemon@ATHENA.MIT.EDU (Brian Soby)
Thu Jun 26 14:29:22 2003