Home » Hacking News » SafeBoot Authentication Weakness
SafeBoot Authentication Weakness
by Mario Miri on March 27th, 2003 When an authentication attempt fails, SafeBoot responds with information whether a username or the password was incorrect. This allows an attacker to gain information of valid usernames which would allow him to perform a brute force attacks on SafeBoot.
Vulnerable:
Control Break International SafeBoot 3.5
Control Break International SafeBoot 4.0
Control Break International SafeBoot 4.0 SP1
Control Break International SafeBoot 4.0 SP2
Control Break International SafeBoot 4.0 SP2a
Control Break International SafeBoot 4.1
Control Break International SafeBoot 4.1 SP1
Control Break International SafeBoot 4.1 SP2
Solution:
Vendor patches are available.
http://www.safeboot.com/
Discovered by:
Chris Crute