OSVDB ID: 82975

Title: Innominate Multiple mGuard Products Private Key Calculation MitM Weakness

Info

Disclosure

Jun 14, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jun 14, 2012

Description

Multiple Innominate mGuard products contain a flaw related to an insufficient use of entropy in the generation of keys for HTTPS and SSH. This may allow an attacker to calculate the value of private keys, allowing them to sniff traffic or possibly inject commands to be executed on the remote system via a man-in-the-middle attack.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Authentication Required, SCADA

Solution

Upgrade to version 7.5.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Innominate Security Technologies AG

mGuard Smart

HW-101020
HW-101050
BD-101010
BD-101020

mGuard PCI

HW-102020
HW-102050
BD-111010
BD-111020

mGuard Industrial RS

HW-105000
BD-501000
BD-501010
BD-501020

mGuard Blade

HW-104020
HW-104050

mGuard Delta

HW-103050
BD-201000

EAGLE mGuard

HW-201000
BD-301010

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/82975