Tuesday, 24 October 2017

25,000 Fortinet Devices Vulnerable To DUHK Attacks

Over 25,000 Fortinet devices used for VPN connections and accessible via the Internet are vulnerable to a new cryptographic attack called DUHK, which allows a passive attacker to decrypt VPN connections and read the traffic.

DUHK stands for Do not Use Hard-coded Keys and was developed by Matthew Green, cryptographer and professor at Johns Hopkins University, in collaboration with Nadia Heninger and Shaanan Cohney. The vulnerability occurs when the ANSI X9.31 Random Number Generator (RNG) is used in combination with a hard-coded seed key. The ANSI X9.31 RNG is an algorithm more than 20 years old that was used until recently to generate the cryptographic keys that protect VPN connections and web sessions so that third parties cannot intercept them.

Through the DUHK attack, an attacker can recover the secret encryption key from vulnerable implementations, and can then decrypt and read traffic from VPN connections and web sessions. This may include sensitive information, such as company information, login information, credit card information, and other confidential content. The ANSI X9.31 RNG is used in many government-certified products. Until last year, it was one of four random number generators approved by the United States for use in cryptographic modules. It has since been removed from the list.

Network manufacturer Fortinet made use of this vulnerable random number generator. The affected devices run FortiOS 4.x. Traffic from all Fortinet VPN devices running FortiOS 4.3.0 to FortiOS 4.3.18 can be decrypted by a passive network attacker who can observe the encrypted handshake traffic. Fortinet released FortiOS 4.3.19 last year to fix the problem. According to Green, there are more than 25,000 vulnerable VPN devices on the Internet. The professor argues that this is a "conservative number", as only machines that responded to the researchers' scans were counted. The researchers have published a document with their findings (pdf) but will not disclose the attack code.
