[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
UNIRAS Brief - 169/04 - Cisco - Cisco IPsec VPN Implementation Group Password Usage Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
- ----------------------------------------------------------------------------------
UNIRAS (UK Govt CERT) Briefing Notice - 169/04 dated 15.04.04 Time: 19:25
UNIRAS is part of NISCC(National Infrastructure Security Co-ordination Centre)
- ----------------------------------------------------------------------------------
UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------
Title
=====
Cisco Security Notice:
Cisco IPsec VPN Implementation Group Password Usage Vulnerability
Detail
======
Cisco Security Notice: Cisco IPsec VPN Implementation Group Password Usage
Vulnerability
Revision 1.0
For Public Release 2004 April 15 1600 UTC (GMT)
----------------------------------------------------------------------
Contents
Summary
Details
Workarounds
Status of This Notice: INTERIM
Revision History
Cisco Security Procedures
Related Information
----------------------------------------------------------------------
Summary
This Security Notice is being released due to the new information received
by Cisco PSIRT regarding the Cisco IPsec VPN implementation, Group
Password Usage Vulnerability.
This is also a follow-up to an email thread that appeared on the Bugtraq
mailing list in December 2003 which can be found at
http://www.securityfocus.com/archive/1/347351.
This notice will be posted at
http://www.cisco.com/warp/public/707/cisco-sn-20040415-grppass.shtml.
Details
Proof of Concept code now exists for:
* Recovering the Group Password - The Group Password used by the Cisco
Internet Protocol Security (IPsec) virtual private network (VPN)
client is scrambled on the hard drive, but unscrambled in memory. This
password can now be recovered on both the Linux and Microsoft Windows
platform implementations of the Cisco IPsec VPN client. This
vulnerability is documented in the Cisco Bug Toolkit as Bug ID
CSCed41329 (registered customers only) .
* The Linux implementation vulnerability was reported by Karl
Gaissmaier, University of Ulm, Germany.
* The Microsoft Windows implementation vulnerability was reported
by Jonas Eriksson and Nicholas Kathmann.
* Man In The Middle (MITM) attack to emulate a VPN head end server for
stealing valid user names and passwords or hijacking connections using
a previously recovered Group Password - This vulnerability exists
whenever Group Passwords are used as the pre-shared key during
Internet Key Exchange (IKE) Phase 1 in the XAUTH protocol. The user
name and password in XAUTH are transmitted over the network only
encrypted by the Phase 1 IKE security association (SA) which in this
case are derived from the Group Password. Anyone in possession of the
Group Passwords will have the ability to either hijack a connection
from a valid user, or pose as a VPN head end for stealing user names
and passwords.
In the e-mail thread on Bugtraq, it was mentioned that Cisco may be
looking at implementing Challenge/Response Authentication of Cryptographic
Keys (CRACK) as an alternate to XAUTH. This information was incorrect and
Cisco does not plan to implement the CRACK authentication method.
Cisco is working on implementing IKEv2 with an estimated release date in
the fourth quarter of the calendar year 2005.
For the Cisco VPN 3000 Concentrator, Cisco VPN Client (software client)
and Cisco VPN 3002 Hardware Client, Cisco is in the process of
implementing a feature which is based on the expired IETF draft 'A Hybrid
Authentication Mode for IKE' published in August of 2000.
Cisco's solution extends the Hybrid Auth model by additionally requiring a
group pre-shared key for VPN group identification. The group pre-shared
key will be used solely to associate users with their appropriate VPN
groups, followed by the XAUTH exchange that will then authenticate the
user.
The MITM attack vulnerability described in this document will no longer be
possible because of the additional digital signature that will bind the
keying material to the Cisco VPN 3000 Concentrator's digital certificate.
This feature is estimated to ship in the third quarter of the calendar
year 2004.
Hybrid Authentication mode is a two stage process that allows the
asymmetric use of digital certificates between the client and the head end
server. The first stage is used to authenticate the head end server by the
client and is based on the IKE Phase 1 exchange where in the client
verifies the authenticity of the head end server's certificate. The second
stage authenticates the client by the head end server and is based on a
Transaction Exchange (IKECFG) using the mechanism described in the XAUTH
protocol. Pre-shared keys are not used.
Workarounds
No workarounds exist for the vulnerabilities documented in this Notice.
To avoid the potential exploitation because of these vulnerabilities Cisco
PSIRT recommends customer deploy Public Key Infrastructure (PKI) and
carefully evaluate the risks of deploying Group Password based
authentication schemes.
Status of This Notice: INTERIM
This is an interim notice. Although Cisco cannot guarantee the accuracy of
all statements in this notice, all of the facts have been checked to the
best of our ability. Cisco does not anticipate issuing updated versions of
this notice unless there is some material change in the facts. Should
there be a significant change in the facts, Cisco may update this notice.
Any estimated dates set forth in this notice are subject to change without
advance notice.
A stand-alone copy or paraphrase of the text of this security notice that
omits the distribution URL in the following section is an uncontrolled
copy, and may lack important information or contain factual errors.
Revision History
+------------------------------------------+
|Revision 1.0|2004-April-15|Initial public |
| | |release. |
+------------------------------------------+
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and registering to
receive security information from Cisco, is available on Cisco's worldwide
website at
http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This
includes instructions for press inquiries regarding Cisco security
notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.
----------------------------------------------------------------------
Related Information
* SAFE VPN IPsec Virtual Private Networks in Depth -
http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutions_white_paper09186a00801dca2d.shtml
- refer to the Identity and IPSec Access Control under Architecture
Overview section.
* Deploying Cisco IOS Security with a Public-Key Infrastructure -
http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/pkdpy_wp.htm
* A Hybrid Authentication Mode for IKE -
http://www.ietf.org/proceedings/00dec/I-D/draft-ietf-ipsec-isakmp-hybrid-auth-05.txt
* Cisco Response to Internet Key Exchange Issue -
http://www.cisco.com/warp/public/707/cisco-sn-20030422-ike.html
----------------------------------------------------------------------
All contents are Copyright (c) 1992-2004 Cisco Systems, Inc. All rights
reserved. Important Notices and Privacy Statement.
--------------------------------------------------------------------------
- ----------------------------------------------------------------------------------
For additional information or assistance, please contact the HELP Desk by
telephone or Not Protectively Marked information may be sent via EMail to:
uniras@xxxxxxxxxxxx
Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686
Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts
- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Cisco for the information
contained in this Briefing.
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some
of the information may have changed since it was released. If the vulnerability
affects you, it may be prudent to retrieve the advisory from the canonical site
to ensure that you receive the most current information concerning that problem.
Reference to any specific commercial product, process, or service by trade
name, trademark manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.
Neither UNIRAS or NISCC shall also accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.
UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST)
and has contacts with other international Incident Response Teams (IRTs) in
order to foster cooperation and coordination in incident prevention, to prompt
rapid reaction to incidents, and to promote information sharing amongst its
members and the community at large.
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQCVAwUBQH7ThYpao72zK539AQEirQP/QtW/yVAhmyLCKXEI8SfpuA7NmYnFrQ3V
N91q6eDq7+seJHqX0W+L/CKN8eZ2lMAcHrok4dk2W3+BbZdXQNi+3wH2G7DauKhj
WjGoeh2YjnlVjUGN9kDl9XhtMOTBGODd1T/Hfm7kDOk8ZKDnYzWcLO2maK9RFbSw
Cx8o9qLD9rg=
=nEUB
-----END PGP SIGNATURE-----