
Update on QuickVPN security breach.

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by mvalenci, Dec 22, 2006.

Thread Status:
Not open for further replies.
  1. mvalenci

    mvalenci LI Guru Member

    I have updated the latest security breach information regarding QuickVPN.
    The address for the documents and other files (hack applications to be loaded) can be found at http://www.logelog.com/linksys/

    The latest document contains interesting information which discloses the device's private RSA keys. I'd be glad to get your comments and to update the page should there be any progress with Linksys-Cisco concerning this matter.

    thanks
    Moshe
     
  2. DocLarge

    DocLarge Super Moderator Staff Member Member

  3. Toxic

    Toxic Administrator Staff Member

    Hi again.

    Your website's content is old and outdated, though your document is supposed to be dated 23rd Dec.

    Linksys has updated QuickVPN and some firmwares already since your last outburst about the security of quickvpn. (RV0xx and WRV200)
    other QuickVPN Routers will follow.
     
  4. mvalenci

    mvalenci LI Guru Member

    updated QuickVPN

    I was in contact with Linksys officials who sent me their QuickVPN and a firmware update. After spending some time on their fix, I didn't see how it addresses my concerns, as I was still able to hack it through. I'd be surprised if Linksys officials came to this forum trying to close this issue, while I consistently showed them that their product is still broken.
    Not to be rude, I think they could allow themselves to send me an RV router and jointly work with me - the originator of this finding.
    Rather than doing that, they publicly announced that "case is closed".

    The latest QuickVPN release notes state that:
    "To enhance the security of the QuickVPN protocol, this release of QuickVPN client will verify whether the SSL certificate presented by the remote QuickVPN server is trustable. Currently the client only trusts the certificates that are present in the installation directory of the QuickVPN client. "

    This is a nice try, but the protocol is still broken - sorry to upset some of you.
    Please note that my "outdated" document releases new facts such as RSA private keys, so even if you follow the install notes, the secret RSA key is public domain.
    Having the device's secret key still allows a man-in-the-middle attack :)
     
  5. Toxic

    Toxic Administrator Staff Member

    you have quoted in your documentation:

    It does in the new firmware. There is an initial certificate in ALL firmwares, but you can generate your own; look at the image:


    I own several Linksys routers, including the WRG54G router.

    Please tell me, what is a WRG54G? I have never heard of it.
     


  6. mvalenci

    mvalenci LI Guru Member

    This is probably a typo, I meant WRV54G.

    I can see that Linksys did some effort, impressive.

    So, should I take it that Linksys allows updated certificates only on their new hardware, assuming that their unsupported customers will toss their perfectly working but unsupported other hardware (which is not so old)? What a shame... I will keep this in mind when choosing my next product.

    Keep in mind that most routers' default RSA key is public domain. Have they forced users to generate a new keypair? If not, users still have to be alerted that QuickVPN is insecure.

    Last but not least, SSL may be used by some for remote administration, so this problem exists on a larger scale, not just in QuickVPN.

    Cheers
    Moshe
     
  7. DocLarge

    DocLarge Super Moderator Staff Member Member

    My gawd, man, do you ever let up? :) For the record, why would people have to throw away their old hardware when we're in the age of updates? The answer is "NO," people will not have to throw away their current routers.

    Additionally, with version 1.0.47, the QuickVPN client will verify the certificate presented by the remote QuickVPN server (router) according to the certificates stored in its local directory. Since each QuickVPN server now is capable of generating a unique certificate, a compromised QuickVPN server will not affect the security of other QuickVPN servers. The recently released fix achieves the desired security at the cost of additional administration for managing and distributing certificates.

    Now, if you still feel the need to persist with this issue, "we" could possibly arrange a test for you to utilize your ability to compromise quickvpn servers.

    So, take note (yet again), there is no global security threat in using quickvpn. Considering the cost for a quickvpn enabled device (varied) and the client (free), most people enjoy the simplicity of such an application...

    Jay
     
  8. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    Yeah, Merry Christmas!

    No, seriously...what Linksys has done is they've closed down a security hole (actually a nanometer wide pin ***** of a hole) that was inconsequential to begin with to one that is so minute that only a babbling idiot would notice, let alone pause to comment about. THIS IS A *SOHO* DEVICE dummy (not you Doc, Mvalenci). The fact that an attacker could conceivably pretend to be your home/office VPN server by wearing Linksys flower-patterned pyjamas for the sole purpose of fooling you into bed with it is ludicrous.

    The new server-generated certificates do *NOT* carry a clear-text private key. I've looked at it. The private key's modulus and signing algorithm are represented (as they should be) in the VPN gateway's X.509 certificate / key file (this is after all a self-signed certificate....you *DO* know what that means right?) The X.509 certificate is issued by MAC address = VPN gateway and is therefore unique to the server. It is cached on the VPN client when the VPN is established. The VPN client warns the user if the server's certificate has changed in subsequent sessions. Now the server can put on a new pair of pyjamas whenever it wants to. Of course this only happens when you, the administrator, regenerate the server's certificate, so I guess you'll know if it changes right? It's still the VPN client's prerogative whether it jumps into bed with the server and its freshly laundered pair of new pyjamas. It can just say "no" if you follow my drift.

    I'll show you mine. Why don't you show me yours? Here's my certificate, you self-styled hacker extraordinaire. Please feel free to hack into my RV042. Got the cajones? (I'll save you from having to look this up. It's a Spanish term for spherical pieces of the anatomy that represent the male's ability to perpetuate the species. It is not often used during polite conversations and is most definitely not a term of endearment nor any attempt at striking up male camaraderie.)


    Here it is in human-readable format:

    root@mail:/home/dad# openssl x509 -noout -text -in rv042.txt
    Certificate:
    Data:
    Version: 3 (0x2)
    Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: CN=00:12:17:4c:e4:f0, OU=RV042, O=Cisco-Linksys, LLC, C=US, L=Irvine, SN=California
    Validity
    Not Before: Jan 1 00:00:06 2003 GMT
    Not After : Dec 29 00:00:06 2012 GMT
    Subject: CN=00:12:17:4c:e4:f0, OU=RV042, O=Cisco-Linksys, LLC, C=US, L=Irvine, SN=California
    Subject Public Key Info:
    Public Key Algorithm: rsaEncryption
    RSA Public Key: (1024 bit)
    Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption

    Oh, and BTW....you're absolutely right. The vast unwashed masses out there are definitely going out on a security limb if they don't immediately address this issue and patch this monumental security flaw per your instructions. The mark of a true sophisticate is to admit when they're wrong and just shut up. Your scholarly diatribe "Don't impress me much". I've been in this business 2 decades and have seen people like you come and go...mostly go. And before you say that I don't understand your academic work of art, let me simply say, "Puhlease!"

    Oh, you can't hack into it? You need my IP address and my assistance to launch this exploit? Imagine that.

    /Eric
     
  9. mvalenci

    mvalenci LI Guru Member

    sorry

    I'm not going to hack anyone, my identity is not a secret, relax man, why the upset and flaming? :)

    I just want to stress and sum up that the QuickVPN ecosystem is insecure for many users who:
    1) Did not change their default RSA key which is public domain.
    2) Are not supported by Linksys, because their routers are just unsupported as someone wants you to buy a new router.


    Merry Christmas, to you and your own.
     
  10. DocLarge

    DocLarge Super Moderator Staff Member Member

    *Ahem*

    So, let's wrap this up...

    Mr Valencia, you are still claiming quickvpn is insecure.

    Eric has demonstrated there is no security issue of any consequence (as has continually been stated); furthermore, he's got the following certifications to his credit to back his findings: CCNA, CCNP, CCSP, CCSI

    The last two stand for Cisco Certified Security Professional and Cisco Certified Security Instructor.

    Based on this, I "think" users reading this will know whose advice to follow.

    QUICKVPN FOR EVERYBODY!!! WOO-HOO!!!

    Jay
     
  11. Toxic

    Toxic Administrator Staff Member

    lol. I wonder if santa uses QuickVPN :)

    All I have to say is Linksys IS working on ALL devices that support QuickVPN. The vast majority of devices should have new firmware that incorporates a built-in Certificate Generator. This will create a brand new certificate (I doubt you need it as the certs are all unique to the MAC address of the router) and allow the administrator to issue the Client Certificate (Public Key) to his clients. He will also have a function to export the Private Key for backup if he needs it when updating firmware or resetting his router again.

    With the new firmware comes a new QuickVPN. The client, on receipt of the certificate from his admin, will drop the *.pem file into the installed QuickVPN folder. When starting the connection it checks the server's public cert on the local machine. If there is not one on the local machine it warns you of this.

    "Server's certificate doesn't exist on your local computer. Do you wish to quit this connection?"

    Answer "Yes" or "No".

    This is so there can be backward compatibility with older firmwares on routers until new ones have been tested and released.

    I hope this can now be put to rest once all devices have new firmware, certificates and new QuickVPN Clients.
     
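The client-side check that Toxic and DocLarge describe above (trust only certificates found in the QuickVPN install directory, warn when none is stored, and flag a changed server certificate as Eric notes), written out as an added Python example; this is not QuickVPN's own code. The PEM bodies are constructed placeholders rather than real certificates, and the `server.pem` file name and the first-use pinning helper are assumptions.

```python
import base64
import hashlib
import os
import ssl
import tempfile

# Outcomes of the client-side check: only certificates stored in the
# QuickVPN install directory are trusted (the file layout is an assumption).
TRUSTED = "trusted"      # a stored certificate matches the one presented
UNKNOWN = "unknown"      # nothing stored for this server: the client warns
MISMATCH = "mismatch"    # something is stored but it differs: possible impostor

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"

def fake_pem(label: bytes) -> str:
    """Constructed stand-in for a router certificate (not a real X.509 blob)."""
    return f"{PEM_HEADER}\n{base64.b64encode(label).decode()}\n{PEM_FOOTER}\n"

def fingerprint(pem: str) -> str:
    """SHA-256 of the DER bytes, so line wrapping in the PEM file is irrelevant."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def check_server_cert(presented_pem: str, install_dir: str) -> str:
    """Compare what the server presented against every *.pem in install_dir."""
    stored = [f for f in os.listdir(install_dir) if f.endswith(".pem")]
    if not stored:
        return UNKNOWN   # "Server's certificate doesn't exist on your local computer"
    presented = fingerprint(presented_pem)
    for name in stored:
        with open(os.path.join(install_dir, name)) as fh:
            if fingerprint(fh.read()) == presented:
                return TRUSTED
    return MISMATCH

def pin_server_cert(presented_pem: str, install_dir: str) -> None:
    """Store the admin-distributed certificate; the file name is an assumption."""
    with open(os.path.join(install_dir, "server.pem"), "w") as fh:
        fh.write(presented_pem)

def demo() -> list:
    """Walk the three situations with constructed certificates in a temp dir."""
    router = fake_pem(b"constructed certificate for router A")
    other = fake_pem(b"constructed certificate for some other device")
    with tempfile.TemporaryDirectory() as install_dir:
        results = [check_server_cert(router, install_dir)]      # fresh install
        pin_server_cert(router, install_dir)                    # admin drops cert in
        results.append(check_server_cert(router, install_dir))  # same router again
        results.append(check_server_cert(other, install_dir))   # different key
    return results
```

The UNKNOWN result is where the backward-compatibility prompt appears; answering "No" there means the session runs without any certificate check, so an administrator who wants the fix to actually bite should make sure the server's cert is distributed before clients connect.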
  12. TazUk

    TazUk Network Guru Member

    As for the complaint about support for old hardware, no one can or does support their products forever, there has to come a time when a product is deemed EOL and the resources used to support it are focused elsewhere, such as with new products. This is especially true for SOHO products. Even someone with MS's money/resources cuts support after a certain time, or do you believe they should release an update for Windows 3.1 so it works efficiently on a new Intel Core Duo processor :eek: :tongue:
     
  13. Toxic

    Toxic Administrator Staff Member

    they do tend to listen a bit more now linksysinfo is here :D

    There you go again, guessing. This is not the case. ALL QuickVPN supported routers will have firmware updates. The only difference that I have been told is, the WRV54G, which apparently is limited by free space on the flash ROM, cannot support a built-in Certificate Generator, so talk is that the WRV54G will have an import feature and come with a separate program to create Certificates.

    Users have been told time and time again of your findings, you have gone to great lengths to set up a separate website, and advertise the link on my website (for free might I add) but you have failed to give the full story since QuickVPN has now evolved further than you have reported on your own site.

    Anyway, I am now closing the thread before war breaks out. If you want to bitch more then take it to PM. Don't, however, PM me. I have explained what is being done and there is no point in further discussion. PM Jay, Eric or anyone else for that matter, but I am not playing babysitter for you in this thread anymore.
     