Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Windows :: hack0565.htm

Windows IPSec Vulnerabilty



Windows IPSec Vulnerabilty

Hello,

After recent experiment I noticed that there is a man-in-the-middle
vulnerability in Microsoft Windows IPSec implementation when using
certificates for authentication. This also includes the Windows
L2TP/IPSec VPN.

It seems that this is a known problem as there where posts mentioning this
on bugtraq before.
(see: http://www.securityfocus.com/archive/1/347392) 
However nobody seems to care about this, and it's nearly nowhere mentioned
on the well-known VPN howtos.

Windows is verifying the authenticity of an IPSec Gateway by checking the
gateway certificate against its trusted CA public key. Thus only
a gateway with a valid certificate is accepted. But it DOES NOT check
the subject of the certificate e.g. the CN field.
As a matter of fact every other member of the VPN network with a valid
client certificate can setup a IPSec Gateway. The fouled clients will accept
the attackers certificate because it has a valid signature. They will not
notice that the attacker is not the real gateway but an other client.

On further investigation on this topic I took a look on the EAP/TLS 802.1x
stuff for authentication WPA WLAN links which is also using certificates.
Microsoft has introduced two OID's which are coupled with certificates
and which define the purpose - either gateway for server or client.
As a result when using 802.1x the attack does not work because a client will
not accept another clients certificate as its not valid for gateway usage.

I tried to use these OID's for IPSec Authentication as well. The result:
it does not help either. Client certificates are still accepted as valid
gateway certificates.

I've not found any statement from Microsoft on this topic or any official
security advisory. However I think this could easily be fixed by enabling
the usage of the EAP/TLS OIDs for IPSec authentication.

Workaround:
You can use this workaround if you use a Linux IPSec implementation as IPSec
Gateway and OpenSSL for certificates.
Generate a single CA for each pair of Gateway/Client certificates. Configure
your gateway to use another certificate/CA for each client.
The single clients won't accept each other as gateways because their
certificates are signed by different CA's.


Greetings,
Steffen Pfendtner

--
Steffen Pfendtner  
GPG Key fingerprint = DF91 11BB 498F 573B 8002  6E0B 3AE3 FF88 EADD B3BC


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH