Cyber Security Institute

Tuesday, March 22, 2005

Flaw found in Nortel’s VPN client

A security company has warned of a password flaw in Nortel’s VPN software.

Networks company Nortel is returning to the drawing board today after a security researcher claimed to have found a vulnerability in its virtual private network (VPN) software.

Security experts at NTA Monitor say that version 5.01 of Nortel’s Contivity VPN client for Windows is flawed because it gives users the option of saving their VPN username and password on the computer from which they access the VPN.  Although the software stores the password in an encrypted format in the registry, it also stores an unencrypted copy in other places on the hard drive, NTA Monitor said.  Nortel has acknowledged that it is unwise for users to save VPN passwords in this way, even though its software gives people this option.

“If you save your password in a VPN client, that is insecure,” said a Nortel spokesman.

Posted on 03/22