The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 up to and including 2.52 use the same challenge for each authentication attempt, which allows remote malicious users to bypass authentication via a replay attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
iij seil\\/b1 2.30 |
||
iij seil\\/b1 2.41 |
||
iij seil\\/b1 2.50 |
||
iij seil\\/b1 2.40 |
||
iij seil\\/b1 2.51 |
||
iij seil\\/b1 2.52 |
||
iij seil\\/b1 2.01 |
||
iij seil\\/b1 2.10 |
||
iij seil\\/b1 1.00 |
||
iij seil\\/b1 2.20 |
||
iij seil\\/b1 2.42 |