We live in interesting times
There is a Chinese proverb/curse saying: May you live in interesting times?
Why is this intended as a curse? Maybe living in interesting times means living in challenging times.
The security environment is so dynamic these days, it is certainly interesting to see how things change all the time, vulnerabilities are found almost every day, exploits are being developed at a whopping pace and even for professionals, just keeping up with it all is very challenging.
In the last two weeks there have been quite a few major security events/discoveries
Starting with KRACK ATTACK (announced 18th of Oct), which our blog already covered https://4cornernetworks.com/krackattack-kraken-wi-fi-wpa2/ but there are new things around the corner.
New VPN/crypto attack – DUNK (Don’t Use Hard-coded Keys) attack
With KRACK attack still going on strong there is a new one that involves breaking cryptography. This one however does not take advantage of the control messages in WPA-2 to allow sniffing of user data but exploits weak software implementation for the ANSI X9.31 RNG. Until quite recently the ANSI X9.31 RNG was used to generate cryptographic keys that secure VPN connections and web browsing sessions.
A team of security researchers from the University of Pennsylvania and John Hopkins University found a vulnerability that affects devices using the ANSI X9.31 Random Number Generator (RNG) in conjunction with a hard-coded seed key. The DUHK attack allows “attackers to recover secret encryption keys from vulnerable implementations to decrypt and read communications passing over VPN connections or encrypted web sessions”.
The attack has been confirmed to work on Fortinet devices running FortiOS 4.3.0 to FortiOS 4.3.18. The necessary requirement (all of them need to be met) for a device to be vulnerable to the DUHK are:
- It uses the X9.31 random number generator
- The seed key used by the generator is hard-coded into the implementation
- The output from the random number generator is directly used to generate cryptographic key
- At least some of the random numbers before or after those used to make the keys are transmitted unencrypted. This is typically the case for SSL/TLS and IPsec.
Also, the attacker needs to be able to observe passively the encrypted handshake traffic.
The X9.31 was widely deployed in the past and was even part of the FIPS approved random number generation algorithms set until January 2016. There is a big chance a lot of VPN implementations are still using it.
There is a CVE for this vulnerability: CVE-2016-8492:
Here are the general recommendations:
- If you are a Fortinet client, please make sure your FortiOS is not running versions 4.3.0 to 4.3.18, or else upgrade asap.
- If you are running any cryptographic software still using the X9.31 generator, reconfigure it to use other random number generator or replace/upgrade software.
- Always stick to the latest security approved cryptographic algorithms when creating VPNs. Legacy VPN should be reconfigured to follow the latest practices