NeoScale downplayed a vulnerability note issued by the U.S. Computer Emergency Readiness Team (CERT), saying it already fixed the problem and accused a rival of exaggerating the risk.
CERT's warning this week detailed a flaw in the authentication process of NeoScale Systems CryptoStor 700 tape encryption appliances. NeoScale CEO Barbara Nelson dashed off a note to media and analysts today saying the vendor fixed the problem in the latest version of its firmware released this month and blamed competitor Decru for sending out misleading information to scare off customers. The CERT note confirmed that NeoScale's latest release addresses the vulnerability.
CERT, part of the U.S. Department of Homeland Security, collects and manages computer security threats.
"CERT characterized this vulnerability as one that could allow a malicious user to bypass additional two-factor authentication if [her emphasis] they had knowledge of a security officer's user ID and password," Nelson said in her letter.