Cisco under fire for VPN vulnerability

Groupname enumeration flaw disclosed today

Robert Jaques

Security experts have uncovered a potentially serious vulnerability in Cisco's VPN 3000 series Concentrator products while performing a VPN security test for a customer.

According to NTA Monitor, the flaw affects remote access VPNs with groupname authentication, and is the first step to gaining access to the network by allowing an attacker to use a dictionary or brute-force attack to determine valid group names on the concentrator.

Advertisement

Roy Hills, technical director at NTA Monitor, explained that the issue centres on the way in which the concentrator responds to valid and invalid groupnames.

"This permits an attacker to enumerate valid groupnames on a Cisco VPN concentrator through either a dictionary attack or a brute-force attack," he said.

"Once a valid groupname is determined, the attacker can use this to obtain a hash from the concentrator, which can then be cracked offline to determine the group password.

"As the password-guessing process is offline it will not cause the concentrator to log any authentication failures."

NTA monitor warned that, once an attacker has a valid groupname and group password, it becomes possible to mount a 'man-in-the-middle' attack against the XAUTH user authentication mechanism.

Successfully carrying out such an attack would allow the hacker to snoop on or alter VPN traffic, or gain access to the network protected by the VPN.

The security testing company further warned that man-in-the-middle attacks work even if strong authentication such as SecurID is used.

"In practice, most concentrators are configured for remote access with groupname authentication, so this bug will affect the majority of users. Site-to-site VPN operation is not affected, nor is remote access with certificate authentication," NTA Monitor stated.

The issue is believed to affect all Cisco VPN 3000 Concentrator models (3005, 3015, 3020, 3030, 3060 and 3080) and all software versions prior to 4.1.7.F are vulnerable.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Related whitepapers

Related jobs

Most watched

Summit: Salesforce.com on SaaS and information overload

How web services contribute to data headaches

V3.co.uk weekly debrief, 13 Nov 09

This week we discuss the inaugural V3.co.uk Summit

Analysis and Reports

Remote access - Three steps to getting connected

3.4 million UK professionals now work from home – is your company equipped?

Cost benefits of a global collaboration network

This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications

Poll

Impact of Information Overload poll

Impact of Information Overload poll

What is the biggest problem your firm faces as a result of the data explosion?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

V3.co.uk weekly debrief, 13 Nov 09

This week we discuss the inaugural V3.co.uk Summit

Fingers on keyboard

New Flash vulnerability discovered

Web sites could be vulnerable to Flash attacks

Chris Adams

Summit: Microsoft Office to the rescue

Chris Adams, Office Client product manager for Microsoft UK, explains...

Illegal downloader

Industry and human rights campaigners united in opposition to "three strikes" plan

Critics says government proposals to curb illegal downloading are unworkable...

Primary Navigation