From: malacoda23 at hushmail.com (malacoda23@...hmail.com)
Subject: Cisco Security Notice

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Notice: Cisco IPsec VPN Implementation Group Password
Usage Vulnerability

  For Public Release 2004 April 15 1600 UTC (GMT)
     ----------------------------------------------------------------------

Contents

     Summary
     Details
     Workarounds
     Status
     ----------------------------------------------------------------------

Summary

This Security Notice is being released due to the new information received
by Cisco PSIRT regarding the Cisco IPsec VPN implementation, Group Password
Usage Vulnerability.

Details

   Proof of Concept code now exists for:

* Recovering the Group Password - The Group Password used by the Cisco
  Internet Protocol Security (IPsec) virtual private network (VPN)
  client is scrambled on the hard drive, but unscrambled in memory. This
  password can now be recovered on both the Linux and Microsoft Windows
  platform implementations of the Cisco IPsec VPN client. This
  vulnerability is documented in the Cisco Bug Toolkit as Bug ID
  CSCed41329 (registered customers only).
    * The Linux implementation vulnerability was reported by Karl
      Gaissmaier, University of Ulm, Germany.
    * The Microsoft Windows implementation vulnerability was reported
      by Jonas Eriksson and Nicholas Kathmann.
* Man In The Middle (MITM) attack to emulate a VPN head end server for
  stealing valid user names and passwords or hijacking connections using
  a previously recovered Group Password - This vulnerability exists
  whenever Group Passwords are used as the pre-shared key during
  Internet Key Exchange (IKE) Phase 1 in the XAUTH protocol. The user
  name and password in XAUTH are transmitted over the network only
  encrypted by the Phase 1 IKE security association (SA) which in this
  case are derived from the Group Password. Anyone in possession of the
  Group Passwords will have the ability to either hijack a connection
  from a valid user, or pose as a VPN head end for stealing user names
  and passwords.

Workarounds

Cisco shall implement a proprietary implementation of High Order Negotiation
Challenge/Response Authentication of Cryptographic Keys or the HighONCRACK
protocol as it is to henceforth be known. It will work with IKE. To
address some of their other VPN security issues Cisco also plans to
implement the Temporal Integrity Negotiation Algorithm or (TINA) a proprietary
extension to Internet Key Exchange (IKE). When implemented properly,
during the establishment of a security association, after getting HighONCRACK,
IKE will use TINA for the negotiation of all tunneling.

Status of This Notice: INTERIM
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAkCAEnEACgkQwTSVJxbcR5dPkwCgrODhr2X3nJ0T9m/3AZq/AXKf5RoA
n1w3jdUTZxJMd1fJuZa37Vmug1Gu
=Vboj
-----END PGP SIGNATURE-----
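
An audit for the exposure described under Details, as an added example that is not part of the original message or any Cisco tooling: it flags client profiles that authenticate IKE Phase 1 with a group password or keep one on disk. The key names (AuthType, GroupPwd, enc_GroupPwd) are those of the Cisco VPN Client .pcf profile format and do not appear in the notice; the sample profiles are constructed, and treating a missing AuthType as pre-shared key is an assumption.

```python
import configparser

# Constructed sample profiles; hosts, names and values are placeholders.
SAMPLES = {
    "psk.pcf": "[main]\nHost=vpn.example.com\nAuthType=1\nGroupName=staff\n"
               "!enc_GroupPwd=0011AABB\nGroupPwd=\n",
    "cert.pcf": "[main]\nHost=vpn.example.com\nAuthType=3\nCertName=alice\n"
                "enc_GroupPwd=\n",
    "legacy.pcf": "[main]\nHost=vpn.example.com\nGroupName=staff\n"
                  "GroupPwd=constructed-value\n",
}


def audit_profile(text):
    """Return a sorted list of finding codes for one profile's text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text)
    except configparser.Error:
        return ["UNPARSEABLE"]
    if not cp.has_section("main"):
        return ["NO_MAIN_SECTION"]
    # configparser lowercases keys; a leading "!" marks a key read-only
    # in the client, so drop it before looking keys up.
    opts = {k.lstrip("!"): v.strip() for k, v in cp.items("main")}
    findings = []
    # AuthType 1 = pre-shared key (group password); assumed when absent.
    if opts.get("authtype", "1") == "1":
        findings.append("PSK_GROUP_AUTH")
    if opts.get("enc_grouppwd"):
        findings.append("SCRAMBLED_GROUP_PWD_ON_DISK")
    if opts.get("grouppwd"):
        findings.append("CLEARTEXT_GROUP_PWD_ON_DISK")
    return sorted(findings)


def audit_all(profiles):
    """Map each profile name to its findings, omitting clean profiles."""
    results = {name: audit_profile(text) for name, text in profiles.items()}
    return {name: found for name, found in results.items() if found}


if __name__ == "__main__":
    for name, found in audit_all(SAMPLES).items():
        print(name, ", ".join(found))
```

Profiles reported with PSK_GROUP_AUTH are the ones whose XAUTH exchange is protected only by the shared group secret.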
