{"vuid":"VU#641012","idnumber":"641012","name":"Kerio Personal Firewall vulnerable to replay attack","keywords":["Kerio Personal Firewall","authentication mechanism","remote administration","randomization","replay attack"],"overview":"Kerio Personal Firewall contains a vulnerability that may allow a remote attacker to replay an administration session.","clean_desc":"Kerio Technologies Inc. describes the Kerio Personal Firewall as follows: Kerio Personal Firewall (KPF) is a software agent that builds a barrier between your personal computer and the Internet. KPF is designed to protect your PC against attacks from both the Internet, and other computers in the local network. Core Security Technologies discovered a design problem that could allow a remote attacker to replay an administration session. In order to exploit this vulnerability, the attacker would need to be able to sniff the administration session packets. For further technical details, please see the Core Security Technologies advisory.","impact":"A remote attacker may be able to replay an administration session.","resolution":"Kerio Technologies Inc. has released Kerio Personal Firewall version 2.1.5 to address this vulnerability. Until you can upgrade, you may wish to disable the remote administration feature.","workarounds":"","sysaffected":"","thanks":"This vulnerability was discovered by Emiliano Kargieman, HernĂ¡n Gips, and Javier Burroni of \nCore Security Technologies","author":"This document was written by Ian A Finlay.","public":["http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10","http://www.kerio.com/kpf_download.html","http://online.securityfocus.com/bid/7179"],"cveids":["CVE-2003-0219"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-04-28T20:23:17Z","publicdate":"2003-04-28T00:00:00Z","datefirstpublished":"2003-05-13T17:14:18Z","dateupdated":"2003-05-13T17:45:34Z","revision":11,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"8","cam_impact":"20","cam_easeofexploitation":"5","cam_attackeraccessrequired":"10","cam_scorecurrent":"3","cam_scorecurrentwidelyknown":"3.75","cam_scorecurrentwidelyknownexploited":"6.75","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":3.0,"vulnote":null}