encryption algorithm
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: IronPort Encryption Appliance / PostX and
PXE Encryption Vulnerabilities
Advisory ID: cisco-sa-20090114-ironport
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IronPort
Encryption Appliance
Advisory ID: cisco-sa-20100210-ironport
Revision 1.0
+Impact
Potentially High
+Description
When logging into a Prolog database, all of the usernames and passwords
are sent to the workstation. Depending on the encryption level of the
database, cracking the passwords ranges from trivial to annoying.
If you attempt a login with ANY username/password combination, the
entire dataset of usernames and passwords is passed to the workstation
to parse and authenticate. Any network sniffer can catch the dataset
Vendor Contact Date: 4/20/2010
Status: Vendor does not want to fix the vulnerability.
Vulnerability Details:
RSA Key Manager Client software uses an SQLite database to cache its encryption keys. The software fails to properly validate the metadata embedded inside the RSA Key Manager encrypted data when it performs a key lookup while the encrypted data is being decrypted. An attacker can inject SQL commands into the metadata section of the RSA Key Manager encrypted data, which will be executed by the Key Manager Client software. For example, an attacker can inject SQL statements to modify existing encryption keys, remove existing encryption keys, add new encryption keys, etc.
The Key Manager client uses two types of cache: memory cache and file cache. As long as both or either of the caches are enabled the problem can be triggered easily.
RSA Key Manager Client 1.5.x uses the following format when it encrypts data:
Field 1 = KeyIdString
Field 2 = NULL Terminator
Field 3 = Encryption IV
Field 4 = Encrypted Data
Encryption Key Cache tables:
as S/N, default SSID, and default WEP/WPA key. Chances are that if you
own a wireless router which uses a default WEP or WPA key, such key
can be predicted based on publicly-available information such as the
router's MAC address or SSID. In other words: it's quite likely that
the bad guys can break into your network if you're using the default
encryption key. Thanks to Kevin, our suspicion that such issue exists
on the BT Home Hub has been confirmed (keep reading for more
details!). Our advice is: *use WPA rather than WEP and change the
default encryption key now!*
---------
EXPLOIT:
---------
1.-WITHOUT ENCRYPTION:
Add cookie --> Name ~> dogarchive_user_info
--> Value ~> email=&uid=-1%20or%201=1#&seclev=
> [ iViZ Security Advisory 08-010 17/09/2008 ]
> -----------------------------------------------------------------------
> iViZ Techno Solutions Pvt. Ltd.
> http://www.ivizsecurity.com
> -----------------------------------------------------------------------
> * Title: McAfee SafeBoot Device Encryption
> Plain Text Password Disclosure
> * Date: 17/09/2008
> * Software: McAfee SafeBoot Device Encryption v4, Build 4750 and below
> --[ Synopsis:
> The password checking routine of SafeBoot Device Encryption fails to
John:
Thank you for your reply.
Indeed, as I tried to explain in my previous reply, my "suggestion" in obscurity as a means of securing things, was not meant as (encryption of encryption) ^ ?, rather building another barrier to make it "harder" for compromise.
IMO, a "real" solution would be to be able to deploy/install Pidgin in a fashion so that:
a) the accounts.xml file's location can be overridden (so that I can re-direct to a network shared TrueCrypt drive over an IPSEC protected pipe in a VLAN'd network :p)
b) to be able to disable the "Save Password" option and ensure it cannot be overridden by the user by default
> All versions of RKM Java Client
> RKM PKCS#11 Module for LT0-4
> RKM PKCS#11 Module for Oracle TDE
> RKM Server, all versions and platforms
> RKM Appliance, all versions
> Customer using EMC PowerPath with RSA encryption
> Customer using Brocade Encryption Switches with RSA encryption
>
> What is the impact?
> An attacker can attempt to modify the cache to insert an arbitrary encryption key that may lead to data unavailability (such as decryption failure of data encrypted by that modified key).
>
Which we can't do, because we need to be able to generate the hash a given
server requires. Some protocols can ask for different types of hashes at
various times, and if we store the password in a non-reversible hash we lose the
ability to use these protocols. Not to mention the fact that it still does
> The pidgin client inherits client side password disclosure
> vulnerability. The credentials used to
> connect to the required service i.e. username and password is not
> encrypted properly. The credentials
what do you propose? encrypt the password and store the encryption key
in memory? encrypt the password and the encryption key and store the
encryption key of the encryption key in memory?
if your program needs to use a password for pretty much anything, it
needs to be in.... you guessed it - memory.
Router#show crypto isakmp policy
Global IKE policy
Default protection suite
encryption algorithm: DES - Data Encryption Standard (56 bit keys).
hash algorithm: Secure Hash Standard
authentication method: Rivest-Shamir-Adleman Signature
Diffie-Hellman group: #1 (768 bit)
lifetime: 86400 seconds, no volume limit
Vendor: QNAP Systems
Products (verified): TS-239 Pro, TS-639 Pro
Products (unverified): SS-439 Pro, TS-439 Pro, TS-439U-SP/RP,
TS-509 Pro, SS-839 Pro, TS-809 Pro, TS-809U-RP
Vulnerability: hard disk encryption bypass due to recovery key
Affected Releases: 3.1.1 0815, 3.1.0 0627, 2.1.7 0613,
and presumably all other
Severity: Moderate/High
CVE: CVE-2009-3200
#
#############################################################
#
# Product: LSrunasE, Supercrypt
# Vendor: Geert Moernaut
# Type: Flawed Encryption
# Risk: Medium
# Author: Daniel Roethlisberger
# Date: 2008-01-29
# CVE Name: CVE-2007-6340
#
It is important to note that CALEA only applies to telecommunications
services and explicitly exempts information services. Furthermore, there is
this exception:
(3) ENCRYPTION- A telecommunications carrier shall not be responsible
for decrypting, or ensuring the government's ability to decrypt, any
communication encrypted by a subscriber or customer, unless the
encryption
Hi Larry,
> - use drive
> encryption, use 2-factor authentication, use hibernate instead of sleep,
> use group policy to enforce them.
Uh... yeah. So how again does drive encryption help you against this
attack? Certain forms of 2-factor auth might help you, but all of the
kinds I've seen would still rely on encryption keys in memory to encrypt
any sensitive data on the drive, not to mention the fact that writing to
> system is powered off. Even if the memory has some residual charge I'm
> sure it's far less reliable than with sleep.
Yeah, but the whole point is if it's written to disk, the data is much
easier to get at. The hard thing to do is steal memory. I've read that
some HD encryption systems encrypt the hibernate file too, so perhaps
you're better off in that situation. However, if the attacker
anticipates this, he could simply power the system on, get the
come-out-of-hibernation login prompt, compromise the kernel by injecting
a driver or some such thing with a FireWire Memory attack, and then send
it back into hibernate or something along those lines and wait for the
Architecture: ARM
Designed by: Storm Semiconductor Inc (www.storlinksemi.com)
Problem:
Hard disk encryption key stored in plain on unencrypted partition.
Time line:
Found: 09. March 2008
Reported: 09. March 2008
To: L-rsyncrypto <rsyncrypto-devel@lists.sourceforge.net>
Background
Rsyncrypto[1] is a file encryption tool. It has a single RSA key that
encrypts symmetric AES keys per file. The files themselves are subject
to an encryption method that is based on CBC, but does a
security-performance trade-off. In particular, the files are encrypted
in such a way that re-encrypting, using the same key, a file that was
slightly modified will result in slightly modified cypher text. This is
Larry Seltzer wrote:
>>>WRT the DMA access over FireWire it's but a bad response since it
>doesn't get the point!
>>>1. Drive encryption won't help against reading the memory.
>>>2. The typical user authentication won't help, we're at hardware level
>>> here, and no OS needs to be involved.
>>>3. The computer is up (and running; see above), no hibernate or sleep
>>> is involved here.
>
Any input from a user is susceptible to tampering. The advisory is specifically about vulnerabilities in how frameworks handle view states. While the frameworks provide functions to secure the view states, the specific vulnerabilities are not documented by the vendors.
Apache's documentation states that the encryption is only needed when t:SaveState tag is used. Sun provides no specific recommendations on encrypting the view state. Microsoft recommends securing the view state, but doesn't provide concise information about what will happen if you don't.
The purpose of our advisory was to show that unsecured view states will always be vulnerable to real-world attacks. This changes view state security from a best-practice to a demonstrable vulnerability for all applications developed on the three frameworks described.
Regarding your specific questions:
1) Yes, we did find specific vulnerabilities in all three products listed. The Microsoft vulnerability is demonstrated in the advisory. The Apache MyFaces vulnerability is described in the advisory, but a specific attack is beyond the scope of the advisory. Trustwave has released Deface (https://www.trustwave.com/spiderLabs-tools.php) to demonstrate an actual attack. The Sun Mojarra vulnerability is essentially the same as the one in Apache MyFaces, but is not supported by Deface. If you are familiar with Java, Deface can be modified for use with Mojarra.
handling.
The data written during this event is the result of the AES-CTS
decryption of the 32 bytes preceding the input buffer. The attacker
might not be able to directly influence the contents of the 32 bytes
preceding the input buffer, and might not know the encryption key that
will be used. Without knowledge of the encryption key, the attacker
has effectively no chance to predict which byte values will be
written. Due to the strong cryptographic properties of AES, for an
attacker who knows the encryption key but who does not have perfect
knowledge of the bytes to be decrypted, the probability of producing
Wow, security through obscurity. That's a good practice alright. So
you propose that I and my fellow Pidgin developers implement security
through obscurity, thus giving our users a false sense of security? No
chance. Note also that we store passwords on-disk without any form of
encryption or obfuscation, which has been debated to death on numerous
occasions--so much so, in fact, that we've written an FAQ entry dealing
specifically with this. Additionally, *any* form of encryption that we
were to use would have to be reversible, as storing protocol-specific
hashes is, as Siim pointed out, no better than storing the plain text.
Reversible encryption again makes it completely trivial to decrypt the
> I actually do have a response from Microsoft on the broader issue, but it
> doesn't address these issues or even concede that there's necessarily
> anything they can do about it. They instead speak of the same
> precautions for physical access that they spoke of a couple weeks ago
> with respect to the "frozen notebook memory" attack - use drive
> encryption, use 2-factor authentication, use hibernate instead of sleep,
> use group policy to enforce them. I don't think it's a bad response
> under the circumstances.
WRT the DMA access over FireWire it's but a bad response since it doesn't
get the point!