Support for ageing key exchange crypto leaves VPNs open to attack

www.theregister.co.uk | 8/15/2018 | Staff

Security gaps have been identified in widely used implementations of the IPsec protocol, which is used in the setup of Virtual Private Networks (VPNs).

The Internet Key Exchange protocol "IKEv1", which is part of the IPsec protocol family, has vulnerabilities that enable potential attackers to interfere with the communication process and snoop on supposedly encrypted traffic.

Although IKEv1 was superseded by IKEv2 years ago, the obsolete protocol is still widely used and supported, even by newer devices. This support leaves kit vulnerable to attacks on the encryption-based logon mode of IPsec.

Now for the science bit...

The cryptographic attack works like this: errors are deliberately incorporated into an encoded message, which is repeatedly sent to a server. Based on the server's replies to the corrupted message, an attacker can gradually draw better and better conclusions about the encrypted contents until the attacker is able to assume the identity of one of the parties to a conversation.

More technically, the researchers showed that reusing a key pair across different versions and modes of IKE can lead to cross-protocol authentication bypasses, enabling the impersonation of a victim host or network by attackers.
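A defender-side check for the two conditions described above (IKEv1 still accepted, and one key pair shared across IKE versions), as an added example that is not part of the original article. It assumes the gateway uses strongSwan's legacy `ipsec.conf` syntax (`keyexchange`, `leftcert`); the sample configuration, connection names and certificate file names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in strongSwan legacy ipsec.conf syntax (not from the article).
SAMPLE_CONF = """\
conn branch-legacy
    keyexchange=ikev1
    leftcert=gatewayCert.pem
    right=192.0.2.10

conn branch-new
    keyexchange=ikev2
    leftcert=gatewayCert.pem
    right=192.0.2.20

conn roadwarrior
    leftcert=rwCert.pem
    right=%any
"""

def parse_conns(text):
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        header = re.match(r"conn\s+(\S+)$", line)
        if header:
            current = conns.setdefault(header.group(1), {})
        elif not line[0].isspace():
            current = None  # another section type, e.g. "config setup"
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def audit(text):
    """Flag IKEv1-capable conns and certificates shared across IKE versions."""
    findings, versions_by_cert = [], defaultdict(set)
    for name, opts in sorted(parse_conns(text).items()):
        # The default "ike" accepts IKEv1 when the gateway acts as responder.
        kex = opts.get("keyexchange", "ike").lower()
        if kex != "ikev2":
            findings.append(f"{name}: IKEv1 possible (keyexchange={kex})")
        if "leftcert" in opts:
            label = "ikev2" if kex == "ikev2" else "ikev1-capable"
            versions_by_cert[opts["leftcert"]].add(label)
    for cert, versions in sorted(versions_by_cert.items()):
        if len(versions) > 1:
            findings.append(f"{cert}: key pair reused across IKEv1 and IKEv2 conns")
    return findings
```

Calling `audit(SAMPLE_CONF)` returns one finding per connection that can still negotiate IKEv1 and one per certificate that serves both protocol versions.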

This so-called Bleichenbacher Oracle Attack proved...
(Excerpt) Read more at: www.theregister.co.uk