[32840] in bugtraq
Re: Insecure IKE Implementations Clarification
daemon@ATHENA.MIT.EDU (Florian Weimer)
Sat Dec 13 15:14:42 2003
Date: Fri, 12 Dec 2003 23:00:31 +0100
To: Thor Lancelot Simon <tls@rek.tjls.com>
Cc: aadams@securityfocus.com, bugtraq@securityfocus.com
Message-ID: <20031212220031.GA18596@deneb.enyo.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20031212215419.GA25675@rek.tjls.com>
From: Florian Weimer <fw@deneb.enyo.de>
Thor Lancelot Simon wrote:
> For what it's worth, the possibility of this general type of attack was
> repeatedly discussed in the IPsec working group and is a major reason
> why XAUTH was abandoned. The particular password-stealing attack that I
> describe as been widely discussed among IKE implementors for at least two
> years; other implementors probably independently noticed it at least as
> early as I did, which was three years ago.
And we have technology deployed that solves exactly the same problem in
a reasonable way: SSH.
> What's pretty disturbing is that there is wide understanding of this
> issue among actual protocol implementors, but that Cisco field personnel
> continue to quite plainly tell customers that it does not exist at all,
> even when the risk to those customers is huge.
I have to admit that we were blinded as well. I didn't look too closely
at XAUTH at that time because it was proprietary software and no
GNU/Linux client was in sight. We should have forced Cisco to implement
hybrid mode over two years ago, but failed to do so. I'm sorry about
that mess.
