Nortel Networks recently warned of three serious vulnerabilities in its VPN routers, which are said to allow remote hackers to take partial control of the devices and get access to network. All model numbers of the Nortel VPN Routers 1000, 2000, 4000, and 5000 are affected.
According to an online advisory from Nortel Networks, Nortel was reported to have said that there are the existence of three complex areas of functionality in the router, which was previously Contivity. One vulnerability that is said to let a hacker get illegal remote access, is involved with the way users are configured. While two user accounts are kept in store by default in the VPN Router LDAP template, and they are concealed from the system manager. The accounts are utilized for excavating protocols such as L2TP, IPSEC, PPTP, and L2F.
The 2nd vulnerability, which is involved with illegal administration access, resides in the router’s Web-enabled device administration. A hacker is expected to exploit the URL to gain access to a few administrative pages but for authorization. The advisory warns that once the hacker gains access, it gets most possible that they could compromise a few of the configuration settings on the compromised VPN Router.
All of the VPN Routers make use of the similar DES (Data Encryption Standard) key to encrypt user passwords and that lands to weak password encryption, as a result making it simpler for hackers to crack passwords with brute force cracking methods. The company has suggested PC users that they should upgrade their VPN Routers system software to version 6_05.140.













