Ericsson Tigris Remote-Access Login Failure Vulnerability

A bug in the Tigris operating system software causes Radius accounting to fail to log certain regular login conditions. When a user fails login authentication, the PPP Authentication routine allows the user to retry login without having to re-establish a new connection. After the user retries and successfully logs in, the Tigris may not deliver the Accounting data for that user. This would mean that the Radius Acounting would not log the call and therefore have no record of the connection details.


Privacy Statement
Copyright 2010, SecurityFocus