Nortel Routers Plagued By Vulnerabilities

Detack GmbH has reported three flaws in the Nortel VPN Router (formerly Contivity) to Nortel; they allow unauthorized access up to the administrative level.

The Nortel VPN Router 1000, 2000 and 4000 are all affected by the vulnerabilities, the vendor stated in an advisory released on April 19, 2007.

The first flaw arises because two user accounts are kept in the VPN Router LDAP template by default, unnoticed by the system administrator. These accounts are used for tunneling protocols such as IPsec, L2TP, L2F and PPTP, and could give attackers unauthorized access to the main network, Nortel said in the advisory.

The second flaw, which allows unauthorized administrative access, is in the router's web-based device management. An attacker could manipulate the URL to reach certain administrative pages without proper authorization. "Immediately after infiltrating the system, it becomes easier for the hacker to exploit selected configuration settings on the exposed VPN Router," the advisory cautioned.

The third flaw is weak password encryption: affected routers use a common, shared DES encryption key. This can make it much simpler for attackers to use a 'brute force attack' to discover user account passwords, the Toronto-based networking vendor said in the advisory.

Nortel is urging its customers to protect themselves by upgrading their VPN Router software to version 6_05.140.

Upgrading to 6_05.140 provides mitigation by offering the option of 3DES encryption; however, code versions 5_0 and earlier cannot be upgraded to include this. Nortel is working with NIST and CORSEC to provide a version of 7_00 that incorporates the 3DES upgrade for customers who require FIPS; in the meantime, Nortel recommends the use of strong passwords with a short lifetime. But considering the speed with which DES can now be broken, this would seem to provide only slight protection except against the most careless attackers.

In a report to DeepSight Threat Management System readers, Symantec gave the flaws its most severe rating, a full 10 on a 10-point scale.

Nortel gave full credit to the German research company DeTack GmbH for discovering the flaws.

» SPAMfighter News - 5/1/2007
