Worrisome IPSec vulnerability announced

Thread: Worrisome IPSec vulnerability announced

  1. #1
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027

    Worrisome IPSec vulnerability announced

    Well, I was reading along the handler's daily log over at isc.sans.org, not expecting anything much and then it hits me like a slap in the face:

    http://isc.sans.org/diary.php?date=2005-05-09
    IPSec vuln announced

    NISCC has posted an advisory for IPSEC implementations. Seems that any configuration of IPSec that uses ESP, IP protocol 50 (Encapsulating Security Payload), with confidentiality (encryption) only is affected. In addition, reports of some configurations of AH (Authentication Header), IP protocol 51 are also affected.

    The impact of this vulnerability is huge (well, assuming that you aren't using data integrity already), as the attacker could get the plaintext version of the communication. As was pointed out to me by an ISC reader, the default on most VPN servers is to include data integrity with ESP. This is one good case where most people probably don't stray too far from the default config *sic*.

    Principal workaround: Ensure that you use ESP with integrity protection.

    Link: http://www.niscc.gov.uk/niscc/docs/a...6.html?lang=en

    It's always scary when you learn that a (suite of) protocol like IPSec, that's widely accepted by the community as being secure, suddenly has a bad flaw revealed.

    Of course there apparently are workarounds to this issue, but still, this is not like the previous ISAKMP daemon implementation flaws, but rather an issue with the protocol and crypto itself...


    Ammo
    Credit travels up, blame travels down -- The Boss
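    An added example, not from the post or the quoted ISC diary: a Python audit that reads Linux `ip xfrm state` output (an assumed platform; the thread names none) and flags the configuration the advisory describes, ESP security associations with an encryption transform but no integrity transform. The sample output below is constructed.

```python
import re

# Constructed sample in the layout of Linux `ip xfrm state` output (assumed
# platform; the thread names none). Key material is all-zero placeholders.
SAMPLE_XFRM_STATE = """\
src 192.0.2.1 dst 192.0.2.2
\tproto esp spi 0x0000a001 reqid 1 mode tunnel
\tauth-trunc hmac(sha1) 0x0000000000000000000000000000000000000000 96
\tenc cbc(aes) 0x00000000000000000000000000000000
src 192.0.2.2 dst 192.0.2.1
\tproto esp spi 0x0000a002 reqid 2 mode tunnel
\tenc cbc(aes) 0x00000000000000000000000000000000
src 192.0.2.3 dst 192.0.2.4
\tproto esp spi 0x0000a003 reqid 3 mode tunnel
\taead rfc4106(gcm(aes)) 0x0000000000000000000000000000000000000000 128
src 192.0.2.5 dst 192.0.2.6
\tproto ah spi 0x0000a004 reqid 4 mode transport
\tauth-trunc hmac(md5) 0x00000000000000000000000000000000 96
"""

def parse_xfrm_state(text):
    """One dict per SA: protocol, SPI, and whether it carries an encryption
    transform and any integrity transform (auth, auth-trunc, or an AEAD)."""
    sas = []
    for line in text.splitlines():
        if line.startswith("src "):
            sas.append({"hdr": line.strip(), "proto": None, "spi": None,
                        "enc": False, "integrity": False})
            continue
        if not sas:
            continue  # skip anything before the first SA header
        sa = sas[-1]
        m = re.match(r"\s*proto (\w+) spi (\S+)", line)
        if m:
            sa["proto"], sa["spi"] = m.group(1), m.group(2)
        keyword = line.strip().split(" ", 1)[0]
        if keyword == "enc":
            sa["enc"] = True
        elif keyword in ("auth", "auth-trunc", "aead"):
            sa["integrity"] = True  # an AEAD such as AES-GCM authenticates by itself

    return sas

def encryption_only_esp(sas):
    """SAs in the advisory's affected shape: ESP encryption with no integrity."""
    return [sa for sa in sas
            if sa["proto"] == "esp" and sa["enc"] and not sa["integrity"]]

for weak in encryption_only_esp(parse_xfrm_state(SAMPLE_XFRM_STATE)):
    print(f"WEAK: {weak['hdr']} spi {weak['spi']}: ESP without integrity protection")
```

    On a live host, feed the function the output of `ip xfrm state` instead of the constructed sample; AH-only and AEAD SAs are deliberately not flagged.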

  2. #2
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Ok I guess I was more tired than I thought when I posted the previous;

    I now wish to tone down my original post a bit as it just now occurs to me that pretty much everyone uses data integrity with their ESP, as almost all VPN concentrators/clients by default use at minimum MD5 as the integrity algorithm (and quite a few of us turn it up to SHA-1 when configuring tunnels...).

    So while the discovery of the weakness is still relatively big news, it's not as alarming as I had led myself to believe....


    Ammo
    Credit travels up, blame travels down -- The Boss
