Axcess Network Receiver Installation Guide User Manual
Page 62
Network Receiver
62
750.001.005 R04
© 2005 AXCESS Inc.
Description: Optional PPP slush command does not reflect changes to PPP API.
Solution: PPP command source has been updated.
1.02.p1
Problem: Slush password hashes were insecure--created by appending the
password to the username.
Since: Beta
Description: This is insecure because username 'root', password 'tini' hashes to the
same result as 'roott', 'ini' does. An attacker could guess the password in linear time.
Solution: Hash (username + ":" + password)
--------------------------
Problem: The AddUser command in Slush checked to see if a user existed in the
password file by using the String.startsWith() method on each line of the password
file.
Since: Beta
Description: This is a problem if a user "user_admin" existed, and you wanted to
create a user named "user". The operation would fail.
Solution: Parse the password from the file entry, compare using the String.equals()
method.
-------------------------
Problem: SLUSH ipconfig command changing PPP interface parameters.
Since: introduction of PPP
Description: Until this release the -a, -m and -g options made changes to the default
interface. If PPP is running as the default interface using the ipconfig command
would change parameters of the PPP link. PPP interface address assignment should
only be configured via the PPP class.
Solution: now the -a, -m, -g options only change the ethernet interface.
-------------------------
Problem: none
Since: introduction of SLUSH
Description: Changed nomenclature of loopback network interface. Interface name
changed to "lo" from "localhost". Interface type changed to "Local Loopback" from
"Ethernet".
Solution : none