PT-2007-3665 · Nortel · Nortel Vpn Router

Published

2007-04-27

Updated

2011-03-08

CVE-2007-2332

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Nortel VPN Router (aka Contivity) versions 1000, 2000, 4000, and 5000 before 6 05.140

Description The issue allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store, due to the use of a fixed DES key to encrypt passwords.

Recommendations For versions before 6 05.140, update to version 6 05.140 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2332

Affected Products

Nortel Vpn Router

PT-2007-3665 · Nortel · Nortel Vpn Router

CVE-2007-2332

Related Identifiers

Affected Products

References · 5