Researchers from the Ruhr-Universitat Bochum: Dennis Felsch, Martin Grothe, and Jorg Schwenk, and researchers from the University of Opole: Adam Czubak and Marcin Szymanek discovered a possible cryptographic attack on vulnerable IPSec IKE implementations used by many networking firms such as Cisco, Huawei, ZyXel, and Clavister. The researchers have published a paper on their research and are due to present a proof of concept of the attack sometime this week at the USENIX Security Symposium in Baltimore.
According to the research published, using the same key pair across various versions and modes of IKE implementations “can lead to cross-protocol authentication bypasses, enabling the impersonation of a victim host or network by attackers.” The researchers explained that the way this works is that “We exploit a Bleichenbacher oracle in an IKEv1 mode, where RSA encrypted nonces are used for authentication. Using this exploit, we break these RSA encryption based modes, and in addition break RSA signature based authentication in both IKEv1 and IKEv2. Additionally, we describe an offline dictionary attack against the PSK (Pre-Shared Key) based IKE modes, thus covering all available authentication mechanisms of IKE.”
It seems that the vulnerability comes out of decryption failures in the vendors’ devices. These failures could be exploited to convey deliberate ciphertexts to the IKEv1 device with RSA-encrypted nonces. If the attacker is successful in carrying out this attack, he or she could gain access to the encrypted nonces fetched.
Given the sensitivity of this vulnerability and the networking firms at risk, several of the networking companies have released patches to treat this issue or have removed the risky authentication process from their products entirely. The affected products were Cisco’s IOS and IOS XE software, ZyXel’s ZyWALL/USG products, and Clavister and Huawei’s firewalls. All of these tech companies have released respective firmware updates to be downloaded and installed directly on their products.