Bugtraq mailing list archives

Re: Security Hole in Axent ESM

From: mudge () L0PHT COM (Dr. Mudge)
Date: Thu, 27 Aug 1998 10:27:53 -0500

I talked with our Axent contact and he claimed that their file integrity
validation could not be compromised by a hacker because Axent has
security experts that designed ESM.


These are probably the same 'experts' that decided in 4.4 that XOR was a
strong cryptographic method of protecting the communications back to the
server from the remote clients. Apparently they changed this in 4.5 but
probably only after someone called their 'security experts' on it.

.mudge

Current thread:

Re: Security Hole in Axent ESM Larry Bassett (Aug 27)
- <Possible follow-ups>
- Re: Security Hole in Axent ESM Dr. Mudge (Aug 27)
- Re: Security Hole in Axent ESM Steve McBride (Aug 27)
- Re: Security Hole in Axent ESM Douglas G Conorich (Aug 27)
  - Re: Security Hole in Axent ESM Mark (Aug 28)
    - Re: Security Hole in Axent ESM Bert Driehuis (Aug 29)
- Re: Security Hole in Axent ESM Douglas G Conorich (Aug 27)
- Re: Security Hole in Axent ESM Steve Jackson (Aug 28)
  - Re: Security Hole in Axent ESM Paul Ashton (Aug 28)
- Re: Security Hole in Axent ESM Andy Church (Aug 29)
- Re: Security Hole in Axent ESM reddog (Aug 30)
- Re: Security Hole in Axent ESM Andy Church (Aug 31)

(Thread continues...)