No … only a one time password. My password does not leave my computer.
But again. Yes, you can construct something that might be a risk. But the users
(by intention very limited amount) cannot run unsigned code (a Gert described
already). So in the moment we are waiting for the vendors and than
If someone can sniff your authentication...
You're in deep trouble.
Also for 2018, about dropping using whataboutdisms. It is clear
that those, oddly timed, flaws do not affect properly configured JNP
devices.
-
Alain Hebertaheb...@pubnix
Umm, you type the password into the box, right? The box stores that password
in memory so that it can build a TACACS+ request packet to send to the server?
Unless you are using SSH keys in lieu of passwords.
On Mon, Jan 08, 2018 at 05:16:01PM +0100, Sebastian Becker wrote:
> The password will
The password will not be seen on the box itself so no problem. The users are
tacacs+ authorized/authenticated.
Most scenarios are much easier to accomplish by using the already granted
rights on the boxes per user then using these kinds of attack vectors opened by
Meltdown and Spectre.
Our boxe
Hi,
On Mon, Jan 08, 2018 at 09:32:23AM +0100, Thilo Bangert wrote:
> Den 06-01-2018 kl. 19:49 skrev Sebastian Becker:
> > Same here. User that have access are implicit trusted.
>
> You do have individual user accounts on the equipment, right?
>
> The idea of having secure individual logins goes
Den 06-01-2018 kl. 19:49 skrev Sebastian Becker:
Same here. User that have access are implicit trusted.
You do have individual user accounts on the equipment, right?
The idea of having secure individual logins goes down the drain with
Meltdown and Spectre. You want to be sure that a person
Hello.
Info from Juniper:
https://forums.juniper.net/t5/Security-Now/Meltdown-amp-Spectre-Modern-CPU-vulnerabilities/ba-p/317254#
W dniu sob., 6.01.2018 o 19:51 Sebastian Becker napisał(a):
> Same here. User that have access are implicit trusted. So no need for
> panic.
>
> —
> Sebastian Becker
Same here. User that have access are implicit trusted. So no need for panic.
—
Sebastian Becker
s...@lab.dtag.de
> Am 06.01.2018 um 12:58 schrieb Gert Doering :
>
> Hi,
>
> On Sat, Jan 06, 2018 at 12:04:22PM +0100, james list wrote:
>> For cve related to Meltdown and Spectre I'm wondering to kn
Hi,
On Sat, Jan 06, 2018 at 12:04:22PM +0100, james list wrote:
> For cve related to Meltdown and Spectre I'm wondering to know what are you
> doing or going to do on your networking gears?
"Nothing"...
My networking gear does not execute external code (like, JavaScript),
so the question "will u
9 matches
Mail list logo