Vulnerabilities > CVE-2006-3896 - Authentication Bypass vulnerability in NeoScale Systems CryptoStor Tape 700 Series Appliance SmartCard

CVSS 4.9 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

neoscale-systems

NVD

Published: 2006-12-19

Updated: 2011-03-08

Summary

The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies on client-side ActiveX code for smartcard authentication, which allows remote attackers to bypass smartcard authentication, and gain access if able to present a valid username and password, by disabling ActiveX.

Vulnerable Configurations

Part	Description	Count
Hardware	Neoscale_Systems Neoscale Systems Cryptostor Tape 700 *	1

References

http://secunia.com/advisories/23430
http://securitytracker.com/id?1017396
http://www.kb.cert.org/vuls/id/339004
http://www.securityfocus.com/bid/21652
http://www.vupen.com/english/advisories/2006/5063