Flaw found in NetScreen Security Manager

Edmund X. DeJesus, Contributor

Administrators need to manually fix a vulnerability in NetScreen Security Manager until the company issues a service pack. Unless fixed, communication between Security Manager and devices running ScreenOS 5.0 is in clear text, exposing potentially valuable information to an attacker.

NetScreen has issued an advisory about its

    Requires Free Membership to View

Security Manager 2004. The product provides management of device configuration, network settings, administrative roles and security policies. The default configuration doesn't specify encryption for communications between Security Manager and network devices running ScreenOS 5.0. A local user who could eavesdrop on the traffic would see all data in cleartext and could obtain system information or sensitive information.

NetScreen plans to fix the problem in NetScreen Security Manager 2004 Feature Pack 1. Until then, administrators can edit a configuration file to specify encryption, or run a script.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: