|
TENEX Page Fault Race Condition Password Prediction Weakness |
|
Saturday, 01 January 1972 |
TENEX contains a flaw that may allow a local attacker to more trivially guess user passwords. By carefully examining the virtual memory paging timing for differential timing for page faults, it is possible to determine if a specific character matched a portion of the password. By performing this timing attack for each character of a password, an attacker could effectively brute force a relatively strong password in a matter of minutes, instead of having to exhaust a majority of the possible password space.
Read more... |
We provide a full range of hardware and software support based services, onsite and off-site including Monitoring services, Remote management and Service level support.