BugTraq
Cracking preshared keys Apr 23 2003 10:35AM
Michael Thumann (mthumann ernw de) (2 replies)
Hi,

we would like to announce the publication of a proof of concept paper 'PSK
cracking using IKE Aggressive Mode'. Paper can be downloaded from
www.ernw.de/download/pskattack.pdf .

The theoretical vulnerability about this topic is not new. While we were
preparing a talk about VPN hacking we configured the lab that is described
in the paper to do some kind of demonstration. We were able to capture and
crack successfully PSKs of a cisco router due to the issue that the cisco
router switches automatically to aggressive mode if the initiating clients
demands it.

This attack depends on some conditions on the vpn gateway.

1. Preshared keys are use for authentication
2. The vpn gateway must allow any ip address to establish a vpn connection
3. The vpn gateway must support aggressive mode
4. Of course the psk must be weak to crack it in an acceptable amount of time

Under these circimstances it's possible to capture and crack the preshared
key of a vpn gateway and gain unauthorized access to private networks.

To prevent your vpn gateways from being compromised we suggest the
following actions:
- Don't use preshared key for authentication, if its possible. Otherwise
ensure that you use very strong keys.
- If possible, don't allow vpn connections from any ip address (difficult,
I know).
- Disable aggressive mode, if it's supported (for example in Checkpoint
Firewall-1 where it's disabled per default).

cheers
Michael

ERNW Enno Rey Netzwerke GmbH - Zaehringerstr. 46 - 69115 Heidelberg
Tel. +49 6221 480390 - Fax +49 6221 419008 - Mobil +49 173 6745903

[ reply ]
Re: Cracking preshared keys Apr 24 2003 12:08AM
daw mozart cs berkeley edu (David Wagner) (3 replies)
Re: Cracking preshared keys Apr 26 2003 05:26PM
Stefan Laudat (stefan worldbank ro)
Re: Cracking preshared keys Apr 25 2003 04:34AM
Curt Sampson (cjs cynic net)
Re: Cracking preshared keys Apr 24 2003 07:31PM
Michael Thumann (mlthumann ids-guide de)
Re: Cracking preshared keys Apr 23 2003 07:46PM
Damir Rajnovic (gaus cisco com) (2 replies)
Re: Cracking preshared keys Apr 24 2003 03:30AM
Derek (derekm rogers com)
Re: Cracking preshared keys Apr 24 2003 01:10AM
Gary Flynn (flynngn jmu edu) (1 replies)
Re: Cracking preshared keys Apr 24 2003 07:46PM
Michael Thumann (mthumann ernw de) (1 replies)
Re: Cracking preshared keys Apr 24 2003 07:41PM
Gary Flynn (flynngn jmu edu)


 

Privacy Statement
Copyright 2010, SecurityFocus