Critical Flaws Found In Nortel VPN Routers
The Nortel VPN Router product line, formerly known as Contivity, includes IPsec and SSL VPN, firewall, bandwidth management, encryption, authentication, and data integrity for secure connectivity.
Nortel VPN Routers 1000, 2000 and 4000, are affected by the flaws, the vendor said in an advisory issued Thursday.
The first vulnerability is due to the fact that two default user accounts are stored by default in the VPN Router LDAP template and aren't visible to the system manager. These accounts, which are used for tunneling protocols such as L2TP, IPSEC, PPTP, and L2F, could give attackers a back door into the underlying network, Nortel said in the advisory.
A second vulnerability in the web-based management interface could enable a miscreant to tweak the URL and gain access to some of the administrative pages without logging in, which would allow them to change configuration settings, Nortel said.
Weak password encryption -- the result of the affected routers using a common shared DES encryption key -- is the cause of a third vulnerability, which could make it easier for hackers to 'brute force' user account passwords, the Toronto-based networking vendor noted in the advisory.
Nortel is recommending that customers protect themselves by upgrading their VPN Routers system software to version 6_05.140.
Symantec, in a bulletin to Deepsight Threat Management System subscribers, gave the vulnerabilities its highest severity rating, 10 on a 10 point scale.
Nortel credited German research firm DeTack GmbH for discovering the vulnerabilities.