[Openswan dev] Re: [Openswan Users] Xauth Client extensions
mcr at xelerance.com
Tue Apr 20 18:53:38 CEST 2004
>>>>> "Henrik" == Henrik Nordstrom <hno at marasystems.com> writes:
Henrik> Yes.

Henrik> But the attacker does, however, need to guess (or sniff) a valid
Henrik> identity payload to be able to exploit this.

Emphasis on the "or sniff".

90% of the groupid/passwords I've seen are either "cisco", "cisco123"
(what Cisco has on their web site), "VPN_Base_Group" (Cisco's default
group), or the name of the company involved.

And, one may well be able to get it out of the client by attempting to
initiate with a client!

So, it scares the willies out of me, and would keep me up at night
worrying about it. Three-way handshake makes me know that at least I can
recognize an idiot before I commit to doing heavy crypto for them.

Why haven't we seen these attacks yet? Well, why bother when you can
just use Win32RPCGetRemoteRoot()?
--
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [