RedTeam Pentesting GmbH
-------------------------------------------------------------------
#!/usr/bin/env ruby
######################################
# #
# RedTeam Pentesting GmbH #
# kontakt@redteam-pentesting.de #
# http://www.redteam-pentesting.de #
# #
######################################
-----Original Message-----
From: Barry Raveendran Greene [mailto:bgreene@senki.org]
Sent: Monday, December 21, 2009 9:16 PM
To: 'RedTeam Pentesting GmbH'; bugtraq@securityfocus.com
Subject: RE: TLS Renegotiation Vulnerability: Proof of Concept Code
(Python)
Also, can you change this:
------------------------------------------------------------------------
#!/bin/sh
######################################
# #
# RedTeam Pentesting GmbH #
# kontakt@redteam-pentesting.de #
# http://www.redteam-pentesting.de #
# #
######################################
2009-04-28 CVE number assigned
2009-05-05 Vendor publishes fixed version
2009-05-05 Advisory released
RedTeam Pentesting GmbH
=======================
RedTeam Pentesting is offering individual penetration tests, short
pentests, performed by a team of specialised IT-security experts.
Hereby, security weaknesses in company networks or products are
2009-07-14 Meeting with customer
2009-12-01 Vendor releases fixed version
2010-01-27 Advisory released
RedTeam Pentesting GmbH
=======================
RedTeam Pentesting offers individual penetration tests, short pentests,
performed by a team of specialised IT-security experts. Hereby, security
weaknesses in company networks or products are uncovered and can be
Thanks,
Barry
> -----Original Message-----
> From: RedTeam Pentesting GmbH [mailto:release@redteam-pentesting.de]
> Sent: Monday, December 21, 2009 5:04 AM
> To: bugtraq@securityfocus.com
> Subject: TLS Renegotiation Vulnerability: Proof of Concept Code
> (Python)
>
http://www1.alcatel-lucent.com/psirt/statements.htm
reference number 2007002
RedTeam Pentesting GmbH
=======================
RedTeam Pentesting is offering individual penetration tests, short
pentests, performed by a team of specialised IT-security experts.
Hereby, security weaknesses in company networks or products are
2009-07-14 Meeting with customer
2009-12-01 Vendor releases fixed version
2010-01-27 Advisory released
RedTeam Pentesting GmbH
=======================
RedTeam Pentesting offers individual penetration tests, short pentests,
performed by a team of specialised IT-security experts. Hereby, security
weaknesses in company networks or products are uncovered and can be
References
==========
[0] http://www.papoo.de/cms-news-und-infos/security/papoo-sicherheitsmeldung-07-2009.html
RedTeam Pentesting GmbH
=======================
RedTeam Pentesting is offering individual penetration tests, short
pentests, performed by a team of specialised IT-security experts.
Hereby, security weaknesses in company networks or products are
2011-02-09 Vendor confirmed the vulnerability
2011-03-10 Vendor releases fix
2011-03-15 Advisory released
RedTeam Pentesting GmbH
=======================
RedTeam Pentesting offers individual penetration tests, short pentests,
performed by a team of specialised IT-security experts. Hereby, security
weaknesses in company networks or products are uncovered and can be
RedTeam Pentesting likes to thank ZyXEL for the fast response and
professional collaboration.
RedTeam Pentesting GmbH
=======================
RedTeam Pentesting offers individual penetration tests, short pentests,
performed by a team of specialised IT-security experts. Hereby, security
weaknesses in company networks or products are uncovered and can be
[2] http://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html
[3] http://www.elcomsoft.com/archpr.html
[4] http://httpd.apache.org/docs/2.0/mod/core.html#acceptpathinfo
RedTeam Pentesting GmbH
=======================
RedTeam Pentesting offers individual penetration tests, short pentests,
performed by a team of specialised IT-security experts. Hereby, security
weaknesses in company networks or products are uncovered and can be
2009-04-28 CVE number assigned
2009-05-05 Vendor publishes fixed version
2009-05-05 Advisory released
RedTeam Pentesting GmbH
=======================
RedTeam Pentesting is offering individual penetration tests, short
pentests, performed by a team of specialised IT-security experts.
Hereby, security weaknesses in company networks or products are
2009-04-28 CVE number assigned
2009-05-05 Vendor publishes fixed version
2009-05-05 Advisory released
RedTeam Pentesting GmbH
=======================
RedTeam Pentesting is offering individual penetration tests, short
pentests, performed by a team of specialised IT-security experts.
Hereby, security weaknesses in company networks or products are
2009-04-28 CVE number assigned
2009-05-05 Vendor publishes fixed version
2009-05-05 Advisory released
RedTeam Pentesting GmbH
=======================
RedTeam Pentesting is offering individual penetration tests, short
pentests, performed by a team of specialised IT-security experts.
Hereby, security weaknesses in company networks or products are
2008-01-17 CVE number assigned
2008-03-10 Vendor releases fixed version
2008-03-11 Advisory released
RedTeam Pentesting GmbH
=======================
RedTeam Pentesting is offering individual penetration tests, short
pentests, performed by a team of specialised IT-security experts.
Hereby, security weaknesses in company networks or products are
The full paper is available in German and English at
http://www.redteam-pentesting.de/publications/MitM-chipTAN-comfort
--
RedTeam Pentesting GmbH Tel.: +49 241 963-1300
Dennewartstr. 25-27 Fax : +49 241 963-1304
52068 Aachen http://www.redteam-pentesting.de/
Germany Registergericht: Aachen HRB 14004
Geschäftsführer: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck
to raise awareness for the vulnerability and its potential impact. Furthermore,
it shall give interested persons the opportunity to analyse applications
employing TLS for further vulnerabilities.
--
RedTeam Pentesting GmbH Tel.: +49 241 963-1300
Dennewartstr. 25-27 Fax : +49 241 963-1304
52068 Aachen http://www.redteam-pentesting.de/
Germany Registergericht: Aachen HRB 14004
Geschäftsführer: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck
2011-10-31 Vendor notified
2011-11-30 Vendor releases new version that does not fix the issue
2011-12-15 Advisory released
RedTeam Pentesting GmbH
=======================
RedTeam Pentesting offers individual penetration tests, short pentests,
performed by a team of specialised IT-security experts. Hereby, security
weaknesses in company networks or products are uncovered and can be
2011-10-31 Vendor notified
2011-11-30 Vendor released fixed version and notifies customer base
2011-12-15 Advisory released
RedTeam Pentesting GmbH
=======================
RedTeam Pentesting offers individual penetration tests, short pentests,
performed by a team of specialised IT-security experts. Hereby, security
weaknesses in company networks or products are uncovered and can be