Bleichenbacher and Dictionary Attacks on IPsec IKE
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-18-214
Final
1
1
2018-08-27T00:00:00
Current version
2018-08-27T00:00:00
2018-08-27T00:00:00
Two new attacks on IPsec IKE (Internet Key Exchange) were recently disclosed [1]. They describe multiple ways to attack IKE signature-based and PSK (Pre-Shared Key) authentication. The end goal is to crack IPsec VPN encrypted communications.
The relevant CVEs are:
CVE-2018-5389: Practical Dictionary Attacks on IPsec IKE
CVE-2018-0131: Bleichenbacher Attacks on IPsec IKE
Information Disclosure
FortiOS is affected by CVE-2018-5389 when using a Pre-Shared Key as the IKE authentication method in IPsec VPN.
FortiOS is not impacted by CVE-2018-0131, since the related IPsec IKE authentication features (PKE/RPKE) are not supported.
The following products are not affected by any of the CVEs above:
FortiAP
FortiAnalyzer
FortiSwitch
Since CVE-2018-5389 is a protocol-level attack enabling dictionary-based brute-force cracking, the available mitigations either prevent it altogether or drastically lower its practical feasibility:
1. Choose digital signature authentication (RSA authentication with certificates) instead of Pre-Shared Key in IKE authentication. This prevents the attack completely.
2. If the above is not acceptable given the environment, and Pre-Shared Key has to be chosen, a minimum of 12 high-entropy random ASCII characters should be used as the key (with 20 characters being preferable). This renders the attack impractical given the computing power currently available for brute-force cracking.
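One way to apply mitigation 2 in practice, as an added example that is not part of the Fortinet advisory: generate the key from the OS CSPRNG and reject candidate keys that miss the 12-character minimum or contain dictionary words. The function names, the character set exclusions and the small wordlist are assumptions made for this illustration.

```python
import math
import secrets
import string

# Printable ASCII minus space, quotes and backslash: an assumption made here so
# the key pastes cleanly into a CLI; the advisory itself only says "ASCII".
ALPHABET = "".join(c for c in string.ascii_letters + string.digits + string.punctuation
                   if c not in "\"'\\")
MIN_LEN, PREFERRED_LEN = 12, 20  # figures from the advisory

# Constructed sample wordlist; a real audit would load a much larger one.
SAMPLE_WORDS = {"password", "fortinet", "vpn", "secret", "admin", "welcome"}


def random_key_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a uniformly random key: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def assess_psk(psk):
    """Return the reasons a candidate PSK falls short of the advisory's guidance."""
    findings = []
    if not (psk.isascii() and psk.isprintable()):
        findings.append("non-ASCII or non-printable characters")
    if len(psk) < MIN_LEN:
        findings.append(f"shorter than {MIN_LEN} characters")
    hits = sorted(w for w in SAMPLE_WORDS if w in psk.lower())
    if hits:
        findings.append("contains dictionary word(s): " + ", ".join(hits))
    # Few distinct characters means the key was not drawn uniformly at random.
    if len(psk) >= MIN_LEN and len(set(psk)) < len(psk) // 2:
        findings.append("low character diversity")
    return findings


def generate_psk(length=PREFERRED_LEN):
    """Draw characters from the OS CSPRNG; redraw in the rare case a word appears."""
    if length < MIN_LEN:
        raise ValueError(f"PSK must be at least {MIN_LEN} characters")
    while True:
        psk = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not assess_psk(psk):
            return psk
```

With this 91-character set, a uniformly random key carries about 78 bits at 12 characters and about 130 bits at 20, which is what keeps an offline dictionary search out of reach; a human-chosen key of the same length does not.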
https://fortiguard.fortinet.com/psirt/FG-IR-18-214
[1] https://www.ei.rub.de/media/nds/veroeffentlichungen/2018/08/13/sec18-felsch.pdf
[2] https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html
[3] https://web-in-security.blogspot.com/2018/08/practical-dictionary-attack-on-ipsec-ike.html