Gemalto

A silver bullet for the attacker. A study into the security of hardware license tokens

22 January 2018

Contents: Why we decided to analyze SafeNet Sentinel; Vulnerabilities and attack vectors; Peculiar functionality; Non-transparent security; Update software to the current version (7.6) ASAP

In recent years, the problem of vulnerabilities in industrial automation systems has become increasingly important. The fact that industrial control systems have been developing in parallel with IT systems,...

Several more vulnerabilities found and closed in popular license manager

03 October 2017

Kaspersky Lab ICS CERT has identified multiple vulnerabilities in the hasplms service, which is part of Gemalto’s HASP SRM, Sentinel HASP and Sentinel LDK products: denial of service (DoS), NTLM-relay attack, stack buffer overflow, remote enabling of the web admin interface, arbitrary memory read and possible remote code execution (RCE).

KLCERT-17-008: Sentinel LDK RTE: Remote enabling and disabling admin interface

02 October 2017

Remote enabling and disabling of the administrative interface opens new attack vectors on remote systems with Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55.

KLCERT-17-007: Sentinel LDK RTE: Memory corruption might cause remote code execution

02 October 2017

Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution.

KLCERT-17-006: Sentinel LDK RTE: Arbitrary memory read from controlled memory pointer leads to remote denial of service

02 October 2017

An arbitrary memory read from a controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.

KLCERT-17-005: Sentinel LDK RTE: Remote manipulations with language pack updater lead to NTLM-relay attack for system user

02 October 2017

Remote manipulations with the language pack updater lead to an NTLM-relay attack for the system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55.

KLCERT-17-004: Sentinel LDK RTE: Stack overflow in custom XML-parser leads to remote denial of service

02 October 2017

A stack overflow in the custom XML parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.