Vulnerability Description
The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attackers to bypass authentication via a replay attack.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Iij | Seil\/B1 | 1.00 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN49602378/index.html
- http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000079.html
- http://secunia.com/advisories/37628Vendor Advisory
- http://www.osvdb.org/61118
- http://www.securityfocus.com/bid/37293
- http://www.seil.jp/seilseries/security/2009/a00697.phpVendor Advisory
- http://jvn.jp/en/jp/JVN49602378/index.html
- http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000079.html
- http://secunia.com/advisories/37628Vendor Advisory
- http://www.osvdb.org/61118
- http://www.securityfocus.com/bid/37293
- http://www.seil.jp/seilseries/security/2009/a00697.phpVendor Advisory
FAQ
What is CVE-2009-4409?
CVE-2009-4409 is a vulnerability with a CVSS score of 2.6 (LOW). The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for e...
How severe is CVE-2009-4409?
CVE-2009-4409 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4409?
Check the references section above for vendor advisories and patch information. Affected products include: Iij Seil\/B1.