The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of Netasq, Stormshield Network Security: Man-in-the-Middle via NSRPC Client

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle via NSRPC on Netasq or Stormshield Network Security, in order to obtain administrator privileges.
Severity of this announce: 2/4.
Creation date: 30/05/2016.
Références of this computer vulnerability: STORM-2016-001, VIGILANCE-VUL-19729.

Description of the vulnerability

The Netasq and Stormshield Network Security products use the NSRPC client.

However, an attacker can alter the size of NSRPC message, to perform a brute force, to get the administrator password hash.

An attacker can therefore act as a Man-in-the-Middle via NSRPC on Netasq or Stormshield Network Security, in order to obtain administrator privileges.
Full Vigil@nce bulletin... (Free trial)

This vulnerability note impacts software or systems such as SNS, NETASQ.

Our Vigil@nce team determined that the severity of this cybersecurity vulnerability is medium.

The trust level is of type confirmed by the editor, with an origin of intranet server.

An attacker with a expert ability can exploit this computer threat note.

Solutions for this threat

Netasq, Stormshield Network Security: solution for NSRPC Client.
The solution is indicated in information sources.
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a cybersecurity workaround. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.