VULHUB ™

The FreeBSD implementation of syncookies are prone to brute force attacks. This is due to generated keys being 32 bits in length. It is possible to generate valid ISN keys using a compromised syncookie. This may allow an attacker to spoof TCP connections that may be used to bypass IP-based access control lists. Other attacks, including denial of service attacks, are also possible.

The FreeBSD implementation of syncookies are prone to brute force attacks. This is due to generated keys being 32 bits in length. It is possible to generate valid ISN keys using a compromised syncookie. This may allow an attacker to spoof TCP connections that may be used to bypass IP-based access control lists. Other attacks, including denial of service attacks, are also possible.