Bugtraq mailing list archives

Re: CISCO PIX Vulnerability

From: rick_smith () SECURECOMPUTING COM (Rick Smith)
Date: Wed, 10 Jun 1998 13:02:11 -0500

Another thing is that PIX is using DES in ECB mode. CISCO admits that
"....ECB is not generally considered to be the best mode in which to
employ DES,...." but you'll have to live with it. CISCO will not fix
that so you'll have to buy future IPSEC/IKE products.


IMHO, the really, really nasty problem with ECB mode is that the data
stream is vulnerable to trivial substitution attacks. If the encrypted
traffic consists of administrative commands, it won't be that hard to
collect a modest but interesting dictionary of plaintext/ciphertext pairs.
Then the attacker can forge command strings without ever having to brute
force the key itself.

Rick.
smith () securecomputing com
"Internet Cryptography" at bookstores or http:/www.visi.com/crypto/

Current thread:

CISCO PIX Vulnerability Damir Rajnovic (Jun 03)
- Re: CISCO PIX Vulnerability Rick Smith (Jun 10)
- <Possible follow-ups>
- Re: CISCO PIX Vulnerability David Wagner (Jun 03)
  - Re: CISCO PIX Vulnerability Damir Rajnovic (Jun 03)
  - FreeBSD Security Advisory: FreeBSD-SA-98:05.nfs Aleph One (Jun 04)
    - Re: FreeBSD Security Advisory: FreeBSD-SA-98:05.nfs matthew green (Jun 04)
  - Huge security hole in SDRC IDEAS MS6 cad system. Sven-Ove Westberg (Jun 05)
  - Security flaw in Accelerated-X 4.1 Stefan Laudat (Jun 08)
- Re: CISCO PIX Vulnerability Damir Rajnovic (Jun 05)
- Re: CISCO PIX Vulnerability Jamie Thain (Jun 20)