[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SecurID White Paper




                SecurID Vulnerabilities White-Paper
 
Due to increased recent interest that has been witnessed on the net
about the SecurID token cards and potential vulnerabilities with their 
use, we offer a white paper on some of the vulnerabilities that we believe 
have been witnessed and/or speculated upon.
 
This paper is being put forth into the public domain by Secure Networks
Incorporated and is available at the following URL :
ftp://ftp.secnet.com/pub/papers/securid.ps
 
Topics dealt with in the paper include:
 
 . Race attacks based upon fixed length responses (still valid even with
      the current patch)
 . Denial of Service attacks based upon server patches
 . Server - Slave separation and replay attacks
 . Vulnerabilities in the communications with the ACE Server
 . A quick analysis of the communications with the ACE Server
 . Problems with out-of-band authentication 
  
We hope this paper provides insight, enlightenment, and is helpful
to the security community in general.
 
thanks and enjoy,
 
Secure Networks Inc.