Yesterday Joel Langill pointed out a vulnerability report from ABB that was
published over two weeks ago. The report addresses an authentication
vulnerability in the ABB Ellipse 8 products. The ABB report notes that the
vulnerability exists in the implementation of the Lightweight Directory Access
Protocol (LDAP) and would allow an attacker with local network access to sniff
the unsecured authentication credentials sent between the Ellipse device and
the LDAP/AD server.

As with any vulnerability that is found to exist in an
implementation of an industry-wide standard, the question arises: what other
vendors are using this vulnerable implementation?

NOTE: The ABB report states that the vulnerability was
reported in a “responsible disclosure”, but does not name the researcher making
the disclosure.