PT-2004-1339 · Sygate · Sygate Secure Enterprise

Martin Oneal

Published

2004-08-18

Updated

2017-07-11

CVE-2004-0163

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Sygate Secure Enterprise (SSE) versions 3.5MR3 and earlier

Description The issue allows remote attackers to cause a denial of service, specifically resource exhaustion, by capturing a session and repeatedly replaying it. This is due to the software not changing the key used to encrypt data.

Recommendations For versions 3.5MR3 and earlier, consider implementing measures to prevent session replay attacks, such as regenerating encryption keys after a session is closed, until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0163

Affected Products

Sygate Secure Enterprise

PT-2004-1339 · Sygate · Sygate Secure Enterprise

CVE-2004-0163

Related Identifiers

Affected Products

References · 4