{"vuid":"VU#758054","idnumber":"758054","name":"Reflection for Secure IT Windows Server 6.0 changed case sensitivity of allow and deny lists","keywords":["Reflection for Secure IT Windows Server","case sensitive","behavior change"],"overview":"Reflection for Secure IT Windows Server version 6.0 uses different case sensitivity in evaluating the allow and deny lists as previous versions, potentially allowing unintended access.","clean_desc":"Reflection for Secure IT Windows Server version 6.0, an SSH server from WRQ formerly known as F-Secure SSH server, provides allow and deny lists of regular expressions to configure the set of accounts that should be able to access the host. Prior to 6.0, these regular expressions were evaluated in a case-insensitive manner. In 6.0, the regular expressions are evaluated in a case-sensitive manner, potentionally allowing an attacker to login to previously-denied accounts.","impact":"A remote attacker may be able to login to previously denied accounts, if the attacker can authenticate to the account (e.g., the attacker knows the account's password).","resolution":"Upgrade According to WRQ, version 6.0, build 24 of Reflection for Secure IT Windows Server evaluates allow and deny strings in a case insensitive manner. This restores the prior behavior, but may result in user names matching the allow list that did not match in prior builds of version 6.0.","workarounds":"Manually Create Expressions Enter regular expressions that match all case combinations of the desired strings.","sysaffected":"","thanks":"Thanks to WRQ for reporting this issue.","author":"This document was written by Hal Burch.","public":["h","t","t","p",":","/","/","s","u","p","p","o","r","t",".","w","r","q",".","c","o","m","/","t","e","c","h","d","o","c","s","/","1","9","1","0",".","h","t","m","l"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-07-28T14:08:46Z","publicdate":"2005-08-25T00:00:00Z","datefirstpublished":"2005-08-31T15:18:25Z","dateupdated":"2005-09-01T15:29:37Z","revision":27,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"7","cam_population":"8","cam_impact":"20","cam_easeofexploitation":"6","cam_attackeraccessrequired":"8","cam_scorecurrent":"1.008","cam_scorecurrentwidelyknown":"3.888","cam_scorecurrentwidelyknownexploited":"6.768","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.008,"vulnote":null}