FYI, https://www.ei.rub.de/media/nds/veroeffentlichungen/2018/08/13/sec18-felsch.pdf
Sent from my phone

Begin forwarded message:

> https://www.bleepingcomputer.com/news/security/cisco-patches-its-operating-systems-against-new-ike-crypto-attack/
>
> Cisco Patches Its Operating Systems Against New IKE Crypto Attack
> Catalin Cimpanu
>
> Cisco, one of the world's largest vendors of networking equipment, released
> security updates today to patch a vulnerability in the IOS and IOS XE
> operating systems that run the vast majority of its devices.
>
> The vulnerability is tracked as CVE-2018-0131 and is one of four CVE
> identifiers for a new Bleichenbacher oracle cryptographic attack against the
> IKE (Internet Key Exchange) protocol.
>
> Patches address new cryptographic attack
>
> This new attack is described in a recently published research paper entitled
> "The Dangers of Key Reuse: Practical Attacks on IPsec IKE," set to be
> presented at the 27th Usenix Security Symposium later this week in Baltimore,
> USA. From the paper's abstract:
>
> In this paper, we show that reusing a key pair across different versions and
> modes of IKE can lead to cross-protocol authentication bypasses, enabling the
> impersonation of a victim host or network by attackers. We exploit a
> Bleichenbacher oracle in an IKEv1 mode, where RSA encrypted nonces are used
> for authentication. Using this exploit, we break these RSA encryption based
> modes, and in addition break RSA signature based authentication in both IKEv1
> and IKEv2. Additionally, we describe an offline dictionary attack against the
> PSK (Pre-Shared Key) based IKE modes, thus covering all available
> authentication mechanisms of IKE.
>
> Researchers say their attack works against the IKEv1 implementations of Cisco
> (CVE-2018-0131), Huawei (CVE-2017-17305), Clavister (CVE-2018-8753), and
> ZyXEL (CVE-2018-9129).
>
> The research team, made up of three academics from the Ruhr-University
> Bochum, Germany and two from the University of Opole, Poland, say they
> notified vendors that had products vulnerable to this attack.
>
> "All vendors published fixes or removed the particular
> authentication method from their devices’ firmwares in response to
> our reports," researchers said.
>
> Cisco IOS and IOS XE affected, but not IOS XR
>
> Cisco was by far the biggest vendor affected by this flaw, and the hardest
> hit. CVE-2018-0131 affects the company's main product, the IOS
> (Internetworking Operating System), and its Linux-based offshoot, IOS XE.
>
> The IOS XR operating system, which runs on a different codebase and is used
> mainly for carrier-grade routers, is not affected.
>
> Cisco released patches today for both OSes. The company says that any IOS and
> IOS XE device that's configured with the "authentication rsa-encr" option is
> vulnerable.
>
> Attackers can recover VPN sessions
>
> According to Cisco, this flaw "could allow an unauthenticated, remote
> attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1
> (IKEv1) session."
>
> "The vulnerability exists because the affected software responds incorrectly
> to decryption failures. An attacker could exploit this vulnerability sending
> crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted
> nonces," Cisco said in a security advisory.
>
> An attacker that has the ability to recover IKEv1 nonces can recover data
> sent via IPsec, the protocol at the base of most VPN traffic. With this in
> mind, applying the Cisco patches is highly recommended.
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
