SecurID White Paper
Peiter Z
peiterz at secnet.com
Tue Sep 3 20:46:36 PDT 1996
SecurID Vulnerabilities White-Paper
Due to increased recent interest that has been witnessed on the net
about the SecurID token cards and potential vulnerabilities with their
use, we offer a white paper on some of the vulnerabilities that we believe
have been witnessed and/or speculated upon.
This paper is being put forth into the public domain by Secure Networks
Incorporated and is available at the following URL :
ftp://ftp.secnet.com/pub/papers/securid.ps
Topics dealt with in the paper include:
. Race attacks based upon fixed length responses (still valid even with
the current patch)
. Denial of Service attacks based upon server patches
. Server - Slave separation and replay attacks
. Vulnerabilities in the communications with the ACE Server
. A quick analysis of the communications with the ACE Server
. Problems with out-of-band authentication
We hope this paper provides insight, enlightenment, and is helpful
to the security community in general.
thanks and enjoy,
Secure Networks Inc.
More information about the Testlist
mailing list