Message-ID: <200404161708.i3GH8mG3024574@mailserver1.hushmail.com>
From: malacoda23 at hushmail.com (malacoda23@...hmail.com)
Subject: Cisco Security Notice
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Notice: Cisco IPsec VPN Implementation Group Password
Usage Vulnerability
For Public Release 2004 April 15 1600 UTC (GMT)
----------------------------------------------------------------
Contents
Summary
Details
Workarounds
Status
----------------------------------------------------------------
Summary
This Security Notice is being released due to the new information received
by Cisco PSIRT regarding the Cisco IPsec VPN implementation, Group Password
Usage Vulnerability.
Details
Proof of Concept code now exists for:
* Recovering the Group Password - The Group Password used by the Cisco
  Internet Protocol Security (IPsec) virtual private network (VPN)
  client is scrambled on the hard drive, but unscrambled in memory. This
  password can now be recovered on both the Linux and Microsoft Windows
  platform implementations of the Cisco IPsec VPN client. This
  vulnerability is documented in the Cisco Bug Toolkit as Bug ID
  CSCed41329 (registered customers only).
    * The Linux implementation vulnerability was reported by Karl
      Gaissmaier, University of Ulm, Germany.
    * The Microsoft Windows implementation vulnerability was reported
      by Jonas Eriksson and Nicholas Kathmann.
* Man In The Middle (MITM) attack to emulate a VPN head end server for
  stealing valid user names and passwords or hijacking connections using
  a previously recovered Group Password - This vulnerability exists
  whenever Group Passwords are used as the pre-shared key during
  Internet Key Exchange (IKE) Phase 1 in the XAUTH protocol. The user
  name and password in XAUTH are transmitted over the network only
  encrypted by the Phase 1 IKE security association (SA) which in this
  case are derived from the Group Password. Anyone in possession of the
  Group Passwords will have the ability to either hijack a connection
  from a valid user, or pose as a VPN head end for stealing user names
  and passwords.
Workarounds
Cisco shall implement a proprietary implementation of High Order Negotiation
Challenge/Response Authentication of Cryptographic Keys or the HighONCRACK
protocol as it is to henceforth be known. It will work with IKE. To
address some of their other VPN security issues Cisco also plans to
implement the Temporal Integrity Negotiation Algorithm or (TINA) a proprietary
extension to Internet Key Exchange (IKE). When implemented properly,
during the establishment of a security association, after getting HighONCRACK,
IKE will use TINA for the negotiation of all tunneling.
Status of This Notice: INTERIM
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3
wkYEARECAAYFAkCAEnEACgkQwTSVJxbcR5dPkwCgrODhr2X3nJ0T9m/3AZq/AXKf5RoA
n1w3jdUTZxJMd1fJuZa37Vmug1Gu
=Vboj
-----END PGP SIGNATURE-----
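
Added example, not part of the original message or of Cisco's notice: the Details section says the Phase 1 SA is derived from the Group Password, and this sketch of the RFC 2409 pre-shared-key responder proof (HASH_R) shows why that check cannot tell the head end apart from any other holder of the same password. SHA-1 as the negotiated hash, the function names and all byte values are assumptions constructed for illustration.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf as HMAC over the negotiated hash (SHA-1 assumed here)."""
    return hmac.new(key, data, hashlib.sha1).digest()

def hash_r(psk: bytes, ex: dict) -> bytes:
    """Responder proof for pre-shared-key auth (RFC 2409, section 5).

    SKEYID = prf(psk, Ni_b | Nr_b)
    HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)
    """
    skeyid = prf(psk, ex["ni"] + ex["nr"])
    return prf(skeyid, ex["g_xr"] + ex["g_xi"] + ex["cky_r"] + ex["cky_i"]
               + ex["sai_b"] + ex["idir_b"])

def client_accepts(group_password: bytes, ex: dict, received: bytes) -> bool:
    """The client's only check on the responder: recompute HASH_R and compare."""
    return hmac.compare_digest(hash_r(group_password, ex), received)

# Constructed sample values (not from a capture); sizes are illustrative only.
CLIENT_SIDE = {"ni": b"\x11" * 16, "g_xi": b"\x22" * 128, "cky_i": b"\x33" * 8,
               "sai_b": b"constructed-sa-payload"}

def exchange(nr: bytes, g_xr: bytes, cky_r: bytes, idir_b: bytes) -> dict:
    """One Phase 1 exchange: fixed client values plus the responder's values."""
    return dict(CLIENT_SIDE, nr=nr, g_xr=g_xr, cky_r=cky_r, idir_b=idir_b)

def demo() -> dict:
    group_pw = b"constructed-group-password"
    # Exchange A: the real head end answers.
    a = exchange(b"\xa1" * 16, b"\xa2" * 128, b"\xa3" * 8, b"headend")
    # Exchange B: a different responder that also knows the group password
    # answers with its own nonce, DH value and cookie, claiming the same ID.
    b = exchange(b"\xb1" * 16, b"\xb2" * 128, b"\xb3" * 8, b"headend")
    return {
        "head_end": client_accepts(group_pw, a, hash_r(group_pw, a)),
        "other_holder": client_accepts(group_pw, b, hash_r(group_pw, b)),
        "no_password": client_accepts(group_pw, b, hash_r(b"wrong-guess", b)),
    }

if __name__ == "__main__":
    print(demo())
```

The only secret input to HASH_R is the Group Password, so the proof authenticates membership of the group rather than the identity of the head end.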