Bugtraq mailing list archives
Re: Insecure IKE Implementations Clarification
From: Florian Weimer <fw () deneb enyo de>
Date: Fri, 12 Dec 2003 22:45:37 +0100
Thor Lancelot Simon wrote:
> The second problem is generic to *any* IKE that can be configured to use a "group password" and then send a second authenticator using XAUTH. *This is probably the *most common* configuration of the Cisco "VPN client" implementation that you will find deployed in the field*. That's no surprise, because Cisco consultants, Cisco-trained consultants, and Cisco sales engineers push it on customers heavily as a panacea for bootstrapping a VPN using only a legacy authentication database.
There's also a PSIRT statement regarding this issue, and it's at best embarrassing for Cisco engineering folks: <http://www.cisco.com/warp/public/707/cisco-sn-20030422-ike.html>

I know several people working on XAUTH MITM attacks; I guess it will fall in a couple of weeks. (Just sniffing the user password is easy, since the group password is typically public anyway; the remaining challenge consists of putting together several tools to transparently fake a Cisco VPN concentrator.)