CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:S/C:P/I:P/A:P
EPSS
Percentile
53.6%
NeoScale Systems CryptoStor 700 series appliances fail to properly perform two-factor authentication. This can make it easier to bypass the CryptoStor authentication process.
NeoScale Systems CryptoStor Tape units are tape backup encryption appliances. CryptoStor 700 series units provide two-factor authentication for administration functions. This is accomplished with a smartcard token plus a username and password combination.
The smartcard aspect of the two-factor authentication is performed on the client side within the web browser, using ActiveX and script. Disabling ActiveX can bypass this part of the two-factor authentication.
An attacker with knowledge of only the username and password for the administration console can gain administrative access to the CryptoStor unit. This would allow an attacker to add, change, or delete encryption rules and keys, establish cluster members, export keys for archival, and more.
Apply an update
This issue is addressed in the 2.6 version of the CryptoStor Tape 700 Series firmware. According to NeoScale, this version of the firmware makes the following changes:
a) changing the CryptoStor ActiveX component to not perform the actual authentication only to report on its success or failure. The CryptoStor ActiveX component version number was also changed.
b) changes to the cgi-bin program within the CryptoStor Appliance to perform the actual authentication. The cgi-bin program was also modified to not work with the original version of the CryptoStor ActiveX component
c) implementation of a Thawte certificate for the CryptoStor ActiveX component
339004
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: August 10, 2006 Updated: December 21, 2006
Affected
This vulnerability was possible because when a user configured for two-factor authentication with a SmartCard logged into the NeoScale CryptoStor Tape Appliance using a valid and current userid and password, the CryptoStor ActiveX component performed the second factor authentication of the user. The vulnerability resulted in the second factor authentication being bypassed and the user being authenticated without needing a SmartCard. The perpetrator was then able to perform all operations that the genuine user of the NeoScale CryptoStor Tape Appliance could perform.
This vulnerability was addressed by
a) changing the CryptoStor ActiveX component to not perform the actual authentication only to report on its success or failure. The CryptoStor ActiveX component version number was also changed.
b) changes to the cgi-bin program within the CryptoStor Appliance to perform the actual authentication. The cgi-bin program was also modified to not work with the original version of the CryptoStor ActiveX component
c) implementation of a Thawte certificate for the CryptoStor ActiveX component
These three changes have been implemented and are in the version of the NeoScale CryptoStor Tape Appliance code currently released (version 2.6).
The vendor has not provided us with any further information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This document was written by Will Dormann.
CVE IDs: | CVE-2006-3896 |
---|---|
Severity Metric: | 0.64 Date Public: |