Log in

View Full Version : New Active Sync security vulnerability


Airscanner
08-02-2005, 04:49 PM
Remote Password Compromise of Microsoft Active Sync 3.7.1


http://www.airscanner.com/security/activesync371.htm

surur
08-02-2005, 04:55 PM
and 3.8 and 4?

Surur

Airscanner
08-02-2005, 06:42 PM
Thanks,

Very good point. We have tested the exploit and it works on v3.8 as well. I believe 4.0 is still beta.

Sven Johannsen
08-02-2005, 06:54 PM
I don't think you will find the vulnerability on AS 4, since it has removed network sync to the desktop altogether. You still have network sync to an Exchange Server, but that as I understand it, is a totally different mechanism.

I gather your recommendation to block port 5679 would result in not being able to sync a PPC over WiFi or any other network connection.

AS 4 is not really still in Beta, but has not been released outside the developer community. You guys should be able to get hold of it. It has no benefit to anyone not running WM 5 at this point, beyond brutally plugging some security holes.