Re: Insecure IKE Implementations Clarification

To: Thor Lancelot Simon <tls@xxxxxxxxxxxx>
Subject: Re: Insecure IKE Implementations Clarification
From: Florian Weimer <fw@xxxxxxxxxxxxx>
Date: Fri, 12 Dec 2003 23:00:31 +0100
Cc: aadams@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20031212215419.GA25675@xxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <Pine.LNX.4.58.0312120946540.18001@xxxxxxxxxxxxxxxxxxxxxx> <20031212174508.GA29497@xxxxxxxxxxxx> <20031212214537.GA18282@xxxxxxxxxxxxx> <20031212215419.GA25675@xxxxxxxxxxxx>
User-agent: Mutt/1.5.4i

Thor Lancelot Simon wrote:

> For what it's worth, the possibility of this general type of attack was
> repeatedly discussed in the IPsec working group and is a major reason
> why XAUTH was abandoned.  The particular password-stealing attack that I 
> describe as been widely discussed among IKE implementors for at least two
> years; other implementors probably independently noticed it at least as
> early as I did, which was three years ago.

And we have technology deployed that solves exactly the same problem in
a reasonable way: SSH.

> What's pretty disturbing is that there is wide understanding of this
> issue among actual protocol implementors, but that Cisco field personnel
> continue to quite plainly tell customers that it does not exist at all,
> even when the risk to those customers is huge.

I have to admit that we were blinded as well.  I didn't look too closely
at XAUTH at that time because it was proprietary software and no
GNU/Linux client was in sight.  We should have forced Cisco to implement
hybrid mode over two years ago, but failed to do so.  I'm sorry about
that mess.

Follow-Ups:
- Re: Insecure IKE Implementations Clarification
  - From: Thor Lancelot Simon

References:
- Re: Insecure IKE Implementations Clarification
  - From: Thor Lancelot Simon
- Re: Insecure IKE Implementations Clarification
  - From: Florian Weimer
- Re: Insecure IKE Implementations Clarification
  - From: Thor Lancelot Simon

Prev by Date: Re: Insecure IKE Implementations Clarification
Next by Date: Re: A .NET class bug that can hang a machine instantly
Previous by thread: Re: Insecure IKE Implementations Clarification
Next by thread: Re: Insecure IKE Implementations Clarification
Index(es):
- Date
- Thread