Gemalto
A silver bullet for the attacker. A study into the security of hardware license tokens
22 January 2018
Why we decided to analyze SafeNet Sentinel; Vulnerabilities and attack vectors; Peculiar functionality; Non-transparent security; Update software to the current version (7.6) ASAP
In recent years, the problem of vulnerabilities in industrial automation systems has become increasingly important. The fact that industrial control systems have been developing in parallel with IT systems,...
Several more vulnerabilities found and closed in popular license manager
03 October 2017
Kaspersky Lab ICS CERT has identified multiple vulnerabilities in the hasplms service, which is part of Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products: denial of service (DoS), NTLM-relay attack, stack buffer overflow, remote enabling of the web admin interface, arbitrary memory read and possible remote code execution (RCE).
KLCERT-17-008: Sentinel LDK RTE: Remote enabling and disabling admin interface
02 October 2017
Remote enabling and disabling of the administrative interface opens new attack vectors on a remote system with Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55.
KLCERT-17-007: Sentinel LDK RTE: Memory corruption might cause remote code execution
02 October 2017
Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution.
KLCERT-17-006: Sentinel LDK RTE: Arbitrary memory read from controlled memory pointer leads to remote denial of service
02 October 2017
An arbitrary memory read from a controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.
KLCERT-17-005: Sentinel LDK RTE: Remote manipulations with language pack updater lead to NTLM-relay attack for system user
02 October 2017
Remote manipulations with the language pack updater lead to an NTLM-relay attack for the system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55.
KLCERT-17-004: Sentinel LDK RTE: Stack overflow in custom XML-parser leads to remote denial of service
02 October 2017
A stack overflow in the custom XML parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.