![]() That allows an attacker to spoof the targeted IPSec endpoint, and to eventually break the encryption mechanism. The technique, uncovered by a team of academic researchers from the Ruhr-University Bochum, Germany and the University of Opole, Poland, involves reusing a key pair across different versions and modes of IKE, which can lead to cross-protocol authentication bypass. Dissidents and journalists also use VPNs to circumvent geo-restrictions, hostile surveillance and censorship. However, they also allow companies to connect their local networks over the public internet, as is the case with the Automotive Network Exchange (ANX), which connects automakers with their suppliers and in wireless 4G networks, wireless carriers use VPNs to secure the backhaul links between their cell towers and the core network. ![]() ![]() The consequences could be far-ranging as is commonly known, VPNs allow employees to securely access a corporate network while they are outside the office. Attackers might be able to use the vulnerability to retrieve IKEv1 session keys and decrypt connections, ultimately opening the door to man-in-the-middle (MitM) attacks or for bad actors to access data carried in VPN sessions. Specifically, the attack targets IKE’s handshake implementation used for IPsec-based VPN connections. A new Bleichenbacher oracle cryptographic attack has been set loose on the world, using a 20-year-old protocol flaw to compromise the Internet Key Exchange (IKE) protocol used to secure IP communications.
0 Comments
Leave a Reply. |