
Support for ageing key exchange crypto leaves VPNs open to attack

Ancient issue causing new ones

Security gaps have been identified in widely used implementations of the IPsec protocol, which is used in the setup of Virtual Private Networks (VPNs).

The Internet Key Exchange protocol "IKEv1", which is part of the IPsec protocol family, has vulnerabilities that enable potential attackers to interfere with the communication process and snoop on supposedly encrypted traffic.

IKEv1 was superseded by IKEv2 years ago, but the obsolete protocol is still widely used and supported - even by newer devices. This support leaves kit vulnerable to attacks on the encryption-based logon mode of IPsec.

Now for the science bit...

The cryptographic attack works like this: errors are deliberately introduced into an encrypted message, which is then sent to a server over and over again. From the server's replies to each corrupted message, an attacker can draw progressively better conclusions about the encrypted contents, until the hacker is able to assume the identity of one of the parties to the conversation.

Backdoor key

More technically, the researchers showed that reusing a key pair across different versions and modes of IKE can lead to cross-protocol authentication bypasses, enabling attackers to impersonate a victim host or network.

This so-called Bleichenbacher Oracle Attack proved effective against the hardware of four network equipment vendors. The affected vendors were Cisco (CVE-2018-0131), Huawei (CVE-2017-17305), Clavister (CVE-2018-8753), and ZyXEL (CVE-2018-9129). All four vendors published fixes or removed the particular authentication method from their devices’ firmware in response to reports of potential problems, according to the researchers.

Cisco's response to the research has been to roll out updates to its Internetwork Operating System (IOS) and IOS XE firmware, as previously reported.

Susceptibility to a Bleichenbacher oracle attack is not a bug in the standard but rather an implementation error by technology vendors. The security shortcoming only lends itself to abuse by a hacker who has already found his way onto a targeted network through some other mechanism, the computer boffins behind the attack add.
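To make the "implementation error, not a standards bug" point concrete, here is an added illustration that is not from the article, the researchers' paper or any vendor's code. It is a toy RSA/PKCS#1 v1.5 decryption server in two variants: a leaky one whose replies reveal why a malformed ciphertext was rejected (the oracle condition described above), and a hardened one that treats every failure identically so the replies carry no information about the plaintext. The key size, the 16-byte expected secret and the reply strings are constructed for the demo; the probe function at the end is the kind of check a defender can run against a real endpoint to see whether it behaves as an oracle.

```python
# Added illustration (not from the article or the researchers' code): a toy
# RSA/PKCS#1 v1.5 decryption server in two variants. The "leaky" one answers
# malformed ciphertexts with different error codes, which is the padding-oracle
# condition the article describes; the "hardened" one treats every failure
# identically, so the replies carry no information about the plaintext.
# All key material, lengths and reply strings are constructed for this demo.
import random
import secrets

E = 65537
P = (1 << 107) - 1   # 2^107 - 1 and 2^127 - 1 are known Mersenne primes
Q = (1 << 127) - 1   # (toy key size only; real keys are 2048 bits or more)
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8   # modulus length in bytes (30 here)

SECRET_LEN = 16  # the toy protocol expects a 16-byte secret inside the ciphertext


def pkcs1_v15_pad(msg: bytes) -> bytes:
    """EM = 0x00 || 0x02 || PS (>= 8 nonzero bytes) || 0x00 || msg, K bytes long."""
    ps_len = K - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for this modulus")
    ps = bytes(secrets.choice(range(1, 256)) for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + msg


def encrypt(msg: bytes) -> int:
    return pow(int.from_bytes(pkcs1_v15_pad(msg), "big"), E, N)


def raw_decrypt(c: int) -> bytes:
    return pow(c, D, N).to_bytes(K, "big")


def unpad(em: bytes):
    """Return the payload, or None if the PKCS#1 v1.5 structure is invalid."""
    if em[0] != 0 or em[1] != 2:
        return None
    sep = em.find(b"\x00", 2)
    if sep == -1 or sep - 2 < 8:     # no separator, or padding string too short
        return None
    return em[sep + 1:]


def leaky_server(c: int) -> str:
    """Vulnerable pattern: the reply tells the sender *why* decryption failed."""
    payload = unpad(raw_decrypt(c))
    if payload is None:
        return "ERR_BAD_PADDING"      # distinguishable reply no. 1
    if len(payload) != SECRET_LEN:
        return "ERR_BAD_LENGTH"       # distinguishable reply no. 2
    return "OK"


def hardened_server(c: int) -> str:
    """Mitigated pattern: any failure is replaced by a random secret and the
    handshake simply continues, so the reply is the same whatever went wrong;
    a wrong secret only surfaces later as a generic authentication failure.
    This closes the error-message channel only: a real implementation must
    also make the padding check constant-time to avoid a timing oracle."""
    payload = unpad(raw_decrypt(c))
    if payload is None or len(payload) != SECRET_LEN:
        payload = secrets.token_bytes(SECRET_LEN)
    derived_secret = payload          # would feed the key derivation step
    return "CONTINUE"


def distinguishable_replies(server, trials: int = 64, seed: int = 1) -> set:
    """Defensive check: send malformed ciphertexts and collect distinct replies.
    More than one distinct reply means the server is acting as an oracle."""
    rng = random.Random(seed)         # seeded so the probe is reproducible
    replies = set()
    for _ in range(trials):
        replies.add(server(rng.randrange(1, N)))   # decrypts to garbage: bad padding
    replies.add(server(encrypt(b"short")))         # valid padding, wrong payload length
    return replies


if __name__ == "__main__":
    good = encrypt(secrets.token_bytes(SECRET_LEN))
    print("leaky   :", leaky_server(good), sorted(distinguishable_replies(leaky_server)))
    print("hardened:", hardened_server(good), sorted(distinguishable_replies(hardened_server)))
```

Run against the leaky variant, the probe sees two different replies for malformed input, which is exactly the signal an oracle attack needs; against the hardened variant it sees one. The random-substitution idea is the same mitigation TLS adopted for RSA key exchange, and the comment in hardened_server is deliberate: removing the distinguishable error message is necessary but not sufficient, because a padding check that takes measurably different time still leaks.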

Yikes IKE

In a second strand to their research, the same team of computer scientists also showed that both IKEv1 and the current IKEv2 present vulnerabilities during the initial login process, especially if the password is weak. In this scenario it would be possible to run an offline dictionary attack against the PSK (Pre-Shared Key) based IKE modes.

The vulnerability was also communicated to the Computer Emergency Response Team (CERT).

A team of researchers comprising Dennis Felsch, Martin Grothe and Prof Dr Jörg Schwenk of Ruhr-Universität Bochum, together with Adam Czubak and Marcin Szymanek of Opole University in Poland, put together the IPsec research. Their work, written up in a paper entitled The Dangers of Key Reuse: Practical Attacks on IPsec IKE, is due to be presented at the Usenix Security Symposium in Baltimore, USA on Thursday (16 October). ®
