Tuesday, May 10, 2005

IPSec information disclosure vulnerabilities

The UK's National Infrastructure Security Coordination Centre has published an advisory about vulnerabilities in certain IPSec configurations that could allow an active attacker to recover the plaintext of the encrypted communication.

If you're using IPSec, you need to read the advisory, but I can tell you briefly that the attack involves twiddling the bits of the encrypted payload such that the IP headers of the tunneled packet are modified in various ways, which should generate ICMP diagnostic messages on one side of the tunnel. ICMP packets typically include the header and payload information from the packet which generated the error condition, in this case the unencrypted IP packet.

The advisory claims that this attack can be fully automated and can potentially recover entire encrypted sessions. The best workaround seems to be to configure ESP's integrity protection as well as it's encryption, though blocking ICMP error messages would also be effective in some circumstances.

No comments: