IPsec VPN Connections Broken Using 20-Year-Old Flaw

A 20-year-old flaw in the Internet Key Exchange (IKE) protocol could allow attackers to perform a MITM attack on VPN connections. The attack targets the IKE handshake used in IPsec-based VPN connections, and the attackers use IKEv1 session keys to decrypt connections.

The attack was discovered by a group of academic researchers from the University of Ruhr, Bochum, Germany and the University of Opole, Poland. The technique relies on the same key pair being reused across different versions of IKE, which leads to a cross-protocol authentication bypass: the attacker can spoof the targeted IPsec endpoint and break the encryption mechanism.

“We exploited a Bleichenbacher oracle in an IKEv1 mode, where RSA encrypted nonces are used for authentication,” the team wrote in a paper set to be presented at the Usenix Security Symposium this week. “[The attack covers] all available authentication mechanisms of IKE.”

How the IPsec Protocol Works

IPsec (Internet Protocol Security) works on network packets at the IP layer, and a key exchange has to be executed to establish a shared secret for an IPsec connection. The Internet Key Exchange runs in two phases: Phase 1 establishes the initial authentication and keying between two peers, and Phase 2 derives keys for later communication.

“Once attackers succeed with this attack on Phase 1, they share a set of (falsely) authenticated symmetric keys with the victim device, and can successfully complete Phase 2 – this holds for both IKEv1 and IKEv2,” the paper detailed.
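Because the attack depends on one RSA key pair serving several IKE versions or modes, a defender can audit for exactly that condition. The following is an added example, not code from the paper or from any vendor: the inventory format, field names, auth-method labels and fingerprints are all constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory (no real devices). "fingerprint" stands for a hash of
# the RSA public key a profile authenticates with; all field names are hypothetical.
INVENTORY = [
    {"device": "gw-a", "profile": "legacy-peer", "ike": "IKEv1",
     "auth": "rsa-encrypted-nonces", "fingerprint": "fp-1111"},
    {"device": "gw-a", "profile": "branch", "ike": "IKEv2",
     "auth": "rsa-signature", "fingerprint": "fp-1111"},
    {"device": "gw-b", "profile": "partner", "ike": "IKEv1",
     "auth": "rsa-signature", "fingerprint": "fp-2222"},
    {"device": "gw-b", "profile": "partner-v2", "ike": "IKEv2",
     "auth": "rsa-signature", "fingerprint": "fp-2222"},
    {"device": "gw-c", "profile": "isolated", "ike": "IKEv1",
     "auth": "rsa-encrypted-nonces", "fingerprint": "fp-3333"},
    {"device": "gw-d", "profile": "psk-only", "ike": "IKEv2",
     "auth": "pre-shared-key", "fingerprint": None},
]

# The IKEv1 mode the researchers name as the Bleichenbacher oracle.
ORACLE_MODE = ("IKEv1", "rsa-encrypted-nonces")
RANK = {"oracle-exposed": 0, "shared": 1}


def audit_key_reuse(inventory):
    """Report RSA keys used in more than one (IKE version, auth mode) context."""
    uses = defaultdict(list)
    for p in inventory:
        if p["fingerprint"]:  # pre-shared-key profiles carry no RSA key
            uses[p["fingerprint"]].append(p)

    findings = []
    for fp, profiles in uses.items():
        contexts = {(p["ike"], p["auth"]) for p in profiles}
        if len(contexts) < 2:
            continue  # key is confined to a single version and mode
        # A key that is also reachable through the oracle mode is the
        # cross-protocol case the article describes; list it first.
        label = "oracle-exposed" if ORACLE_MODE in contexts else "shared"
        findings.append({
            "fingerprint": fp,
            "finding": label,
            "profiles": sorted(f'{p["device"]}/{p["profile"]}' for p in profiles),
        })
    return sorted(findings, key=lambda f: (RANK[f["finding"]], f["fingerprint"]))


if __name__ == "__main__":
    for f in audit_key_reuse(INVENTORY):
        print(f["finding"], f["fingerprint"], ", ".join(f["profiles"]))
```

The audit covers key reuse only, so a key confined to the oracle mode (gw-c here) is not reported by it.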

Huawei and Cisco issued patches for the issue yesterday. The flaw was found in the Internetworking Operating System (IOS), which powers most routers and switches on Linux-based operating systems. The flaws have been assigned CVE-2018-0131 and CVE-2018-8753.
