lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri Aug 19 14:52:01 2005
From: Roy.Hills at nta-monitor.com (Roy Hills)
Subject: Juniper Netscreen VPN Username
	Enumeration Vulnerability

At 17:06 18/08/2005, ADT wrote:
>Uh, wouldn't it just be a lot easier to sniff the traffic between the
>client and VPN gateway and get the IKE user id that way?

The difference is that this attack does not require the attacker to
be in the path of the VPN traffic.

>Of course, the NetScreen's could reply with some kind of response, but
>may lead to resource exhastion.

True, but there are ways to minimise this problem (rate limiting, using
random data for the KE payload if the ID is invalid, etc.).

Cisco, for one, have fixed the same problem in their VPN concentrator
product.

>As for "offline hash breaking attempts", re-read RFC2409 and see how
>easy it really is.  Hint: the use of nonces really make things
>difficult.  Doesn't excuse people from using their cat as their
>password, but effectively prevents rainbow table attacks.  Would be
>attackers against NetScreen or any vendor for that matter are prolly
>better off finding a disgruntled employee and buying their
>username/password/securID token for $100 (or a bar of chocolate [2]).

ike-scan includes a program called psk-crack which does just that.  Using
OpenSSL's hash algorithms on a 2.8GHz P4 (not a super-fast system) you
get about 350,000 attempts per second for MD5-based hashes, and about
250,000 for SHA1.

This is enough to crack a dictionary word in seconds, or to do a brute-force
search of a 6-character lower-case password in about 15 mins or an
8-character lower-case password in about seven days (assuming
MD5 hash).

>Sorry, but I don't think there's anything new or interesting here,
>other then to remind people that Aggressive Mode isn't as good as Main
>Mode, but everyone should of already of known that.

The problem is that, in practice, users are not aware of this.  Witness the 
fact
that I've managed to discover valid username/password combinations for several
systems based on the username enumeration issue plus PSK cracking, and
that's with large organisations who "should have known better".

What percentage of Netscreen VPNs are set up to use Aggressive Mode with
PSK auth do you think?  My findings (albeit from a limited sample size) 
indicate
that it's the vast majority.

In the real world, it is a big risk.

Roy


--
Roy Hills                                    Tel:   +44 1634 721855
NTA Monitor Ltd                              FAX:   +44 1634 721844
14 Ashford House, Beaufort Court,
Medway City Estate,                          Email: Roy.Hills@...-monitor.com
Rochester, Kent ME2 4FA, UK                  WWW:   http://www.nta-monitor.com/ 

Powered by blists - more mailing lists