PT-2009-6531 · Internet Initiative Japan · Seil/B1

Published: 2009-12-23 · Updated: 2010-01-06 · CVE-2009-4409

CVSS v2.0: 2.6 (Low)

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Internet Initiative Japan SEIL/B1 firmware versions 1.00 through 2.52

Description

The issue concerns the PPP Access Concentrator function in the firmware, specifically the CHAP and MS-CHAP-V2 authentication capabilities. These capabilities use the same challenge for each authentication attempt, allowing remote attackers to bypass authentication via a replay attack.

Recommendations

For versions 1.00 through 2.52, consider disabling the CHAP and MS-CHAP-V2 authentication capabilities until a patch is available. Restrict access to the PPP Access Concentrator function to minimize the risk of exploitation. Avoid using the same challenge for each authentication attempt to prevent replay attacks. At the moment, there is no information about a newer version that contains a fix for this issue.
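
The following is an added example, not code from the vendor or from this advisory. It models plain CHAP only (RFC 1994 response calculation, not MS-CHAP-V2) and shows why a reused challenge leaves a recorded response valid, next to the corrected per-attempt random challenge. The `Authenticator` class, the secret, and the fixed Identifier value are constructed assumptions for the demonstration.

```python
import hashlib
import hmac
import os
from collections import Counter

SECRET = b"constructed-shared-secret"  # constructed sample value


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Toy authenticator (hypothetical); fresh_challenges=False models the flaw."""

    def __init__(self, secret: bytes, fresh_challenges: bool):
        self.secret = secret
        self.fresh = fresh_challenges
        self._fixed = os.urandom(16)  # weak mode: chosen once, then reused
        self._current = None

    def start_attempt(self):
        challenge = os.urandom(16) if self.fresh else self._fixed
        self._current = (1, challenge)  # Identifier held at 1 (model assumption)
        return self._current

    def verify(self, response: bytes) -> bool:
        if self._current is None:
            return False
        identifier, challenge = self._current
        self._current = None  # each challenge may be answered only once
        expected = chap_response(identifier, self.secret, challenge)
        return hmac.compare_digest(expected, response)


def recorded_response_accepted(auth: Authenticator) -> bool:
    """Regression check: does a response from attempt 1 still pass attempt 2?"""
    identifier, challenge = auth.start_attempt()
    recorded = chap_response(identifier, SECRET, challenge)  # legitimate peer
    if not auth.verify(recorded):
        raise RuntimeError("legitimate attempt was rejected")
    auth.start_attempt()
    return auth.verify(recorded)


def repeated_challenges(observed: list[bytes]) -> set[bytes]:
    """Challenge values seen more than once in a list of captured challenges."""
    return {c for c, n in Counter(observed).items() if n > 1}
```

`repeated_challenges` can be run over challenge values extracted from PPP captures of a device under test; any non-empty result means responses are reusable across attempts.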

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2009-4409

Affected Products

Seil/B1