Results tagged “ipsec” from madness.at

CheckPoint FireWall-1 Security Breach

As mentioned on the heise newsticker, a specialized security team at ISS (X-Force) discovered two major flaws in FireWall-1 from Check Point. The first issue concerns a format string handling error; the second concerns the VPN products, including the VPN gateway and the SecuRemote/SecureClient clients. The firewall is vulnerable because of a boundary error in ISAKMP processing when FireWall-1 tries to authenticate a user: sending an extremely large "certificate request" message could be used to execute arbitrary code with the privileges of the ISAKMP process, namely root or SYSTEM.
IPsec can be used as a replacement for WEP in the following scenarios. Joshua Stein has implemented IPsec on OpenBSD with manual keying between a router and a client as such a replacement. Thomas Walpuski describes in detail the configuration of an IPsec host-to-host connection between OpenBSD and Windows XP Professional with authentication via X.509v3 certificates.
In a presentation about VPN hacking, Michael Thunmann and Enno Rey talked about the process of cracking pre-shared keys in certain IPSEC/VPN environments. They were able to successfully capture and crack PSKs of a Cisco router because the Cisco router automatically switches to aggressive mode if the initiating client demands it. Key recovery was done with the help of ikecrack and good old tcpdump.
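The weakness described above is visible on the wire: IKEv1 aggressive mode is signalled by exchange type 4 in the fixed ISAKMP header, and once the gateway answers such a request the PSK-derived hash travels in the clear, which is the material ikecrack works on. The following is an added detection example (not code from the presentation, from ikecrack, or from this site) that decodes ISAKMP headers from UDP/500 payloads and flags aggressive-mode requests and the responder's acceptance of them. All packets are constructed inline for the demonstration; the field layout follows RFC 2408 section 3.1.

```python
"""Flag IKEv1 aggressive-mode exchanges in raw ISAKMP (UDP/500) payloads.

Added example for the PSK-cracking note above; the sample packets below are
constructed here and are not from any real capture.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

ISAKMP_HEADER_LEN = 28          # RFC 2408 section 3.1 fixed header
EXCH_MAIN_MODE = 2              # "Identity Protection" exchange (main mode)
EXCH_AGGRESSIVE = 4
EXCH_QUICK_MODE = 32            # IKEv1 phase 2 (IPsec DOI)
EXCH_IKE_SA_INIT = 34           # IKEv2; IKEv2 has no aggressive mode at all
ZERO_SPI = b"\x00" * 8          # responder cookie is zero in the first message


@dataclass
class IsakmpHeader:
    initiator_spi: bytes
    responder_spi: bytes
    next_payload: int
    major_version: int
    minor_version: int
    exchange_type: int
    flags: int
    message_id: int
    length: int


def parse_isakmp_header(payload: bytes) -> IsakmpHeader:
    """Decode the 28-byte fixed ISAKMP header (network byte order)."""
    if len(payload) < ISAKMP_HEADER_LEN:
        raise ValueError("payload shorter than an ISAKMP header")
    i_spi, r_spi, nxt, ver, exch, flags, msg_id, length = struct.unpack(
        "!8s8sBBBBII", payload[:ISAKMP_HEADER_LEN])
    return IsakmpHeader(i_spi, r_spi, nxt, ver >> 4, ver & 0x0F,
                        exch, flags, msg_id, length)


def classify_aggressive(hdr: IsakmpHeader) -> Optional[str]:
    """Return a label for IKEv1 aggressive-mode messages, else None.

    A zero responder SPI means this is the initiator's opening message (the
    client "demanding" aggressive mode); a non-zero responder SPI means the
    gateway has answered, so the PSK-derived hash is already on the wire.
    """
    if hdr.major_version != 1 or hdr.exchange_type != EXCH_AGGRESSIVE:
        return None
    if hdr.responder_spi == ZERO_SPI:
        return "aggressive mode requested by initiator"
    return "aggressive mode accepted (responder cookie set)"


def scan_payloads(payloads: List[bytes]) -> List[str]:
    """Return one alert line per aggressive-mode message; skip runt packets."""
    alerts = []
    for idx, data in enumerate(payloads):
        try:
            hdr = parse_isakmp_header(data)
        except ValueError:
            continue
        label = classify_aggressive(hdr)
        if label is not None:
            alerts.append(f"packet {idx}: {label}, initiator SPI "
                          f"{hdr.initiator_spi.hex()}")
    return alerts


def build_isakmp(exchange_type: int, responder_spi: bytes = ZERO_SPI,
                 version: int = 0x10, body: bytes = b"") -> bytes:
    """Build a header-only ISAKMP message (constructed test data)."""
    hdr = struct.pack("!8s8sBBBBII", b"\x11" * 8, responder_spi,
                      1, version, exchange_type, 0, 0,
                      ISAKMP_HEADER_LEN + len(body))
    return hdr + body


# Constructed sample "capture": main mode, an aggressive-mode request, the
# gateway's aggressive-mode reply, an IKEv2 IKE_SA_INIT, and a truncated runt.
SAMPLE_PAYLOADS = [
    build_isakmp(EXCH_MAIN_MODE),                  # normal IKEv1 phase 1
    build_isakmp(EXCH_AGGRESSIVE),                 # client demands aggressive
    build_isakmp(EXCH_AGGRESSIVE, b"\x22" * 8),    # gateway switched to it
    build_isakmp(EXCH_IKE_SA_INIT, version=0x20),  # IKEv2, never aggressive
    b"\x00" * 10,                                  # too short, ignored
]

if __name__ == "__main__":
    for line in scan_payloads(SAMPLE_PAYLOADS):
        print(line)
```

Run against a real capture by feeding the UDP payloads of port 500 traffic into `scan_payloads`; the second alert (responder cookie set) is the one that matters, since a request alone only shows that a client asked, while an accepted exchange shows the gateway behaves the way the presentation describes and its PSK should be treated as exposed to anyone who captured the traffic.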
