| « CCA problems with non-English Windows versions | iPod Shuffle » |
Yet more CCA vulnerabilities
01/03/07
On the security mailing lists Bugtraq and Full Disclosure, Cisco has posted another security advisory regarding CCA.
This one is related to the management of CCA. What distinguishes this issue from the CCA client installation problems is that a successful exploit would result in the attacker being able to take over all client machines.
This shows once again that having a mono-culture system like CCA for security purposes is a bad thing (as I and others have repeatedly told Resnet.) Attacks on the single point of failure, the management system, break the whole system. A well-designed security system has multiple layers so that breaks at one layer do not result in a complete meltdown.
Update:
In response to the security advisory, one person posted this on the Full Disclosure list:
So, I read this to mean, the snapshot files are still downloadable without authentication, still have easily guessable names, and still contain sensitive information that can aid in an attack (what sensitive information?), but now the attacker has password hashes against which he has to do a three hour offline brute force, or perhaps a twenty second rainbow table lookup, rather than getting the plaintext straight off.
In other words, the security hole isn't fixed, it is just slightly obscured. Any marginally alive cracker can still get in.
Update 2:
The more mainstream tech news is now reporting on this vulnerability as well. CNET News has it on their front page.
No feedback yet
