Axcess Network Receiver Installation Guide User Manual

Network Receiver

62

750.001.005 R04

© 2005 AXCESS Inc.

Description: Optional PPP slush command does not reflect changes to PPP API.

Solution: PPP command source has been updated.

1.02.p1

Problem: Slush password hashes were insecure--created by appending the

password to the username.

Since: Beta

Description: This is insecure because username 'root', password 'tini' hashes to the

same result as 'roott', 'ini' does. An attacker could guess the password in linear time.

Solution: Hash (username + ":" + password)

--------------------------

Problem: The AddUser command in Slush checked to see if a user existed in the

password file by using the String.startsWith() method on each line of the password

file.

Since: Beta

Description: This is a problem if a user "user_admin" existed, and you wanted to

create a user named "user". The operation would fail.

Solution: Parse the password from the file entry, compare using the String.equals()

method.

-------------------------

Problem: SLUSH ipconfig command changing PPP interface parameters.

Since: introduction of PPP

Description: Until this release the -a, -m and -g options made changes to the default

interface. If PPP is running as the default interface using the ipconfig command

would change parameters of the PPP link. PPP interface address assignment should

only be configured via the PPP class.

Solution: now the -a, -m, -g options only change the ethernet interface.

-------------------------

Problem: none

Since: introduction of SLUSH

Description: Changed nomenclature of loopback network interface. Interface name

changed to "lo" from "localhost". Interface type changed to "Local Loopback" from

"Ethernet".

Solution : none