Specifications
CRP-C0239-01
23
1. Use the tool for port scan and the command to access the network port (Rlogin,
Telnet, SSH, Rsh, FTP) and investigate the network port which can use TOE.
2. Investigate the potential URL which can bypass the Identification and
Authentication function and the access control function, and then enter in the
browser the URL which was found by the result to try to access.
3. Attempt all the possible operations except for the login operation from the
Operation Panel or Web interface.
4. Use the different vulnerability tool from the one used in the developer testing,
and implement the vulnerability diagnosis for Web interface
d. Result
All of the implemented "tests which the evaluators independently created" and
"sampled developer testing" correctly completed and could confirm the
behaviour of the TOE. The evaluators confirmed that all of the test results met
the expected behaviors.
All of the implemented evaluator intrusion tests indicated that there was no
vulnerability which attacker who has the assumed attack potential can exploit.
2.4 Evaluation Result
The evaluator had the conclusion that the TOE satisfies all work units prescribed in
CEM by submitting the Evaluation Technical Report.