[j-nsp] [c-nsp] Meltdown and Spectre

Alain Hebert ahebert at pubnix.net
Mon Jan 8 14:21:25 EST 2018


     If someone can sniff your authentication...

         You're in deep trouble.

     Also for 2018, about dropping using whataboutisms. It is clear
that those, oddly timed, flaws do not affect properly configured JNP
devices.

-----
Alain Hebert                                ahebert at pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443

On 01/08/18 12:11, Chuck Anderson wrote:
> Umm, you type the password into the box, right?  The box stores that password in memory so that it can build a TACACS+ request packet to send to the server?  Unless you are using SSH keys in lieu of passwords.
>
> On Mon, Jan 08, 2018 at 05:16:01PM +0100, Sebastian Becker wrote:
>> The password will not be seen on the box itself so no problem. The users are tacacs+ authorized/authenticated.
>> Most scenarios are much easier to accomplish by using the already granted rights on the boxes per user than using these kinds of attack vectors opened by Meltdown and Spectre.
>>
>> Our boxes simply do not run other code than what is delivered by the vendors.
>>
>> Sebastian Becker
>> sb at lab.dtag.de
>>
>>> On 08.01.2018 at 09:32, Thilo Bangert <thilo.bangert at gmail.com> wrote:
>>>
>>> On 06-01-2018 at 19:49, Sebastian Becker wrote:
>>>> Same here. Users that have access are implicitly trusted.
>>> You do have individual user accounts on the equipment, right?
>>>
>>> The idea of having secure individual logins goes down the drain with Meltdown and Spectre. You want to be sure that a person logged into a box cannot snoop the password of a co-worker.
>>>
>>> Meltdown and Spectre are relevant on all affected computing equipment.
>>>
>>>> So no need for panic.
>>> The usefulness of panic has been degrading the past couple of thousand years ;-)


