The TIS FWTK (on which their commercial Gauntlet firewall is based) includes a tool called the authserv. Authserv is designed to give the firewall a single interface, with a single API, to many authentication methods, such as hand-held authenticators, S/Key, or passwords. The authserv is designed to run on the local host for a simple, single-box firewall configuration. However, TIS has made available an encrypting version of the authserv's networking modules, to support people who want to run it over an untrusted network.

An example of such a situation would be a large company with multiple Internet firewalls and a centralized authentication database. The reasonably knowledgeable firewall admin can get the encrypting code to protect his connection from eavesdroppers. Unfortunately, this does not help much against an active attack.

The authentication messages are trivially replayable. The message to replay can be chosen by traffic analysis, and all that remains for an insider to break into the firewall is a little TCP splicing. Objections that this is an unreasonable set of assumptions are weak: if the scenario (an internal attacker who can splice TCP) were not worrisome, no encrypting version of the code would have been produced.
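As an added example (not TIS code; the message layout, shared key and credential are assumptions), here is the difference between an authentication exchange that is merely wrapped in an encrypting transport and one bound to a one-time challenge: the first accepts the same recorded bytes twice, the second consumes the challenge on first use.

```python
import hashlib
import hmac
import os

# Assumption: a secret shared by the firewall and the authserv (constructed value).
SHARED_KEY = b"constructed-demo-key"
# Assumption: the credential the authserv expects for one user (constructed).
USERS = {b"admin": b"correct-horse"}

def seal(payload: bytes) -> bytes:
    """Stand-in for the encrypting transport: payload plus a keyed tag.
    Confidentiality is not modelled; a replay only needs the bytes on the wire."""
    return payload + hmac.new(SHARED_KEY, payload, hashlib.sha256).digest()

def unseal(blob: bytes):
    payload, tag = blob[:-32], blob[-32:]
    expected = hmac.new(SHARED_KEY, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(expected, tag) else None

class ReplayableAuthserv:
    """Checks the tag and the secret, but nothing ties a message to one attempt."""
    def authenticate(self, blob: bytes) -> bool:
        payload = unseal(blob)
        if payload is None:
            return False
        user, _, password = payload.partition(b":")
        return USERS.get(user) == password

class FreshAuthserv:
    """Issues a one-time challenge per attempt and accepts a message only while
    that challenge is outstanding, so a recorded message cannot be resent."""
    def __init__(self):
        self.pending = set()

    def challenge(self) -> bytes:
        nonce = os.urandom(16).hex().encode()
        self.pending.add(nonce)
        return nonce

    def authenticate(self, blob: bytes) -> bool:
        payload = unseal(blob)
        fields = payload.split(b":", 2) if payload is not None else []
        if len(fields) != 3 or fields[0] not in self.pending:
            return False  # no challenge, unknown challenge, or one already used
        self.pending.discard(fields[0])  # consume before deciding, so a retry cannot win
        return USERS.get(fields[1]) == fields[2]

def replay_outcomes(server, blob):
    """Same bytes delivered twice: (first attempt, replayed attempt)."""
    return server.authenticate(blob), server.authenticate(blob)
```

A real deployment also needs the challenge set bounded (expiry) and the challenge bound to the client address or session, which this sketch omits.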

This is worrisome because the code was written, and made available, in November 1994. The author and the company had not heard reports of the problem until June 1997. TIS completed a fix before publication of this research note.