Update on QuickVPN security breach.

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by mvalenci, Dec 22, 2006.

Thread Status:
Not open for further replies.
  1. mvalenci

    mvalenci LI Guru Member

    I have updated the latest security breach information regarding QuickVPN.
    The address for the documents and other files (hack applications to be loaded) can be found at http://www.logelog.com/linksys/

    The latest document contains interesting information which discloses the device's private RSA keys. I'd be glad to get your comments and to update the page should there be any progress with Linksys-Cisco concerning this matter.

  2. DocLarge

    DocLarge Super Moderator Staff Member Member

  3. Toxic

    Toxic Administrator Staff Member

    Hi again.

    Your website's content is old and outdated, though your document is supposed to be dated 23rd Dec.

    Linksys has already updated QuickVPN and some firmwares (RV0xx and WRV200) since your last outburst about the security of QuickVPN.
    Other QuickVPN routers will follow.
  4. mvalenci

    mvalenci LI Guru Member

    updated QuickVPN

    I was in contact with Linksys officials who sent me their QuickVPN and some firmware update. After spending some time on their fix, I didn't see how it addresses my concerns as I was still able to hack it through. I’d be surprised if Linksys officials came to this forum trying to close this issue, while I consistently showed them that their product is still broken.
    Not to be rude, I think they could allow themselves to send me an RV router and jointly work with me - the originator of this finding.
    Rather than doing that, they publicly announced that "case is closed".

    The latest QuickVPN release notes state that:
    "To enhance the security of the QuickVPN protocol, this release of QuickVPN client will verify whether the SSL certificate presented by the remote QuickVPN server is trustable. Currently the client only trusts the certificates that are present in the installation directory of the QuickVPN client. "

    This is a nice try, but the protocol is still broken - sorry to upset some of you.
    Please note that my "outdated" document releases new facts such as RSA private keys, so even if you follow the install notes, the secret RSA key is in the public domain.
    Having the device’s secret key still allows a man-in-the-middle attack :)
  5. Toxic

    Toxic Administrator Staff Member

    you have quoted in your documentation:

    It does in the new firmware. There is an initial certificate in ALL firmwares, but you can generate your own; look at the image:

    I own several Linksys routers, including the WRG54G router.

    Please tell, what is a WRG54G? I have never heard of it.


  6. mvalenci

    mvalenci LI Guru Member

    This is probably a typo, I meant WRV54G.

    I can see that Linksys did some effort, impressive.

    So, should I take it that Linksys allows updated certificates only in their new hardware, assuming that their unsupported customers will toss their perfectly working but unsupported other hardware (which is not so old)? What a shame... I will keep this in mind when choosing my next product.

    Keep in mind that most routers' default RSA key is in the public domain. Have they forced users to generate a new keypair? If not, users still have to be alerted that QuickVPN is insecure.

    Last but not least, SSL may be used by some for remote administration, so this problem exists on a larger scale, not just in QuickVPN.

  7. DocLarge

    DocLarge Super Moderator Staff Member Member

    My gawd, man, do you ever let up? :) For the record, why would people have to throw away their old hardware when we're in the age of updates? The answer is "NO," people will not have to throw away their current routers.

    Additionally, with version 1.0.47, the QuickVPN client will verify the certificate presented by the remote QuickVPN server (router) according to the certificates stored in its local directory. Since each QuickVPN server now is capable of generating a unique certificate, a compromised QuickVPN server will not affect the security of other QuickVPN servers. The recently released fix achieves the desired security at the cost of additional administration cost for managing and distributing certificates.

    Now, if you still feel the need to persist with this issue, "we" could possibly arrange a test for you to utilize your ability to compromise quickvpn servers.

    So, take note (yet again), there is no global security threat in using QuickVPN. Considering the cost for a QuickVPN-enabled device (varied) and the client (free), most people enjoy the simplicity of such an application...

  8. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    Yeah, Merry Christmas!

    No, seriously...what Linksys has done is they've closed down a security hole (actually a nanometer wide pin ***** of a hole) that was inconsequential to begin with to one that is so minute that only a babbling idiot would notice, let alone pause to comment about. THIS IS A *SOHO* DEVICE dummy (not you Doc, Mvalenci). The fact that an attacker could conceivably pretend to be your home/office VPN server by wearing Linksys flower-patterned pyjamas for the sole purpose of fooling you into bed with it is ludicrous.

    The new server-generated certificates do *NOT* carry a clear-text private key. I've looked at it. The private key's modulus and signing algorithm are represented (as they should be) in the VPN gateway's X.509 certificate / key file (this is after all a self-signed certificate....you *DO* know what that means right?) The X.509 certificate is issued by MAC address = VPN gateway and is therefore unique to the server. It is cached on the VPN client when the VPN is established. The VPN client warns the user if the server's certificate has changed in subsequent sessions. Now the server can put on a new pair of pyjamas whenever it wants to. Of course this only happens when you, the administrator, regenerate the server's certificate, so I guess you'll know if it changes right? It's still the VPN client's prerogative whether it jumps into bed with the server and its freshly laundered pair of new pyjamas. It can just say "no" if you follow my drift.

    I'll show you mine. Why don't you show me yours? Here's my certificate you self-styled hacker extraordinaire. Please feel free to hack into my RV042. Got the cajones? (I'll save you from having to look this up. It's a Spanish term for spherical pieces of the anatomy that represent the male's ability to perpetuate the species. It is not often used during polite conversations and is most definitely not a term of endearment nor any attempt at striking up male camaraderie)


    Here it is in human-readable format:

    root@mail:/home/dad# openssl x509 -noout -text -in rv042.txt
    Version: 3 (0x2)
    Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: CN=00:12:17:4c:e4:f0, OU=RV042, O=Cisco-Linksys, LLC, C=US, L=Irvine, SN=California
    Not Before: Jan 1 00:00:06 2003 GMT
    Not After : Dec 29 00:00:06 2012 GMT
    Subject: CN=00:12:17:4c:e4:f0, OU=RV042, O=Cisco-Linksys, LLC, C=US, L=Irvine, SN=California
    Subject Public Key Info:
    Public Key Algorithm: rsaEncryption
    RSA Public Key: (1024 bit)
    Modulus (1024 bit):
    Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption

    Oh, and BTW....you're absolutely right. The vast unwashed masses out there are definitely going out on a security limb if they don't immediately address this issue and patch this monumental security flaw per your instructions. The mark of a true sophisticate is to admit when they're wrong and just shut up. Your scholarly diatribe "Don't impress me much". I've been in this business 2 decades and have seen people like you come and go...mostly go. And before you say that I don't understand your academic work of art, let me simply say, "Puhlease!"

    Oh, you can't hack into it? You need my IP address and my assistance to launch this exploit? Imagine that.

  9. mvalenci

    mvalenci LI Guru Member


    I’m not going to hack anyone, my identity is not a secret, relax man, why the upset and flaming? :)

    I just want to stress and sum up that the QuickVPN ecosystem is insecure for many users who:
    1) Did not change their default RSA key which is public domain.
    2) Are not supported by Linksys, because their routers are just unsupported as someone wants you to buy a new router.

    Merry Christmas, to you and yours.
  10. DocLarge

    DocLarge Super Moderator Staff Member Member


    So, let's wrap this up...

    Mr Valencia, you are still claiming quickvpn is insecure.

    Eric has demonstrated there is no security issue of any consequence (as has continually been stated); furthermore, he's got the following certifications to his credit to back his findings: CCNA, CCNP, CCSP, CCSI

    The last two stand for Cisco Certified Security Professional and Cisco Certified Security Instructor.

    Based on this, I "think" users reading this will know whose advice to follow.


  11. Toxic

    Toxic Administrator Staff Member

    lol. I wonder if santa uses QuickVPN :)

    All I have to say is Linksys IS working on ALL devices that support QuickVPN. The vast majority of devices should have new firmware that incorporates a built-in Certificate Generator. This will create a brand new certificate (I doubt you need it as the certs are all unique to the MAC address of the router) and allow the administrator to issue the Client Certificate (Public Key) to his clients. He will also have a function to export the Private Key for backup if he needs it when updating firmware or resetting his router again.

    With the new firmware comes a new QuickVPN. The client, on receipt of the certificate from his Admin, will drop the *.pem file into the installed QuickVPN folder. When starting the connection it checks the server's public cert on the local machine. If there is not one on the local machine it warns you of this.

    "Server's certificate doesn't exist on your local computer. Do you wish to quit this connection?"

    Answer "Yes" or "No".

    This is so there can be backward compatibility with older firmwares on routers until new ones have been tested and released.

    I hope this can now be put to rest once all devices have new firmware, certificates and new QuickVPN Clients.
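    The certificate check described in the posts above (the client pins the router's certificate, warns when none is stored locally, and flags a change) and the objection raised against it (a pinned factory-default key shared across units proves nothing), as an added example in Go that is not QuickVPN's or Linksys's code. PinStore, Identity, CheckServerCert and NewRouterCert are hypothetical names, the fingerprint-map format is an assumption, and the MAC address used in the test is a constructed one from the IANA documentation range.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// PinStore is a hypothetical client-side pin store (not QuickVPN's own format): router
// identity (certificate CN, the MAC address on these units) -> SHA-256 of its DER cert.
// The administrator fills it from the *.pem handed out of band, using Identity.
type PinStore map[string]string
// Identity returns the CN and the SHA-256 fingerprint of a DER-encoded certificate.
func Identity(der []byte) (string, string, error) {
	c, err := x509.ParseCertificate(der)
	if err != nil {
		return "", "", err
	}
	return c.Subject.CommonName, fmt.Sprintf("%x", sha256.Sum256(der)), nil
}

// CheckServerCert returns "unknown" (no pin yet: warn, as the client does), "match", or an
// error when the same router identity presents a different certificate (possible MITM).
// A match only proves this is the pinned cert; a factory-default key shared by many units matches too.
func (p PinStore) CheckServerCert(der []byte) (string, error) {
	cn, fp, err := Identity(der)
	if err != nil {
		return "", err
	}
	if pinned, ok := p[cn]; !ok {
		return "unknown", nil
	} else if pinned == fp {
		return "match", nil
	}
	return "", fmt.Errorf("mismatch: certificate for %s changed, refusing (possible MITM)", cn)
}

// NewRouterCert builds a self-signed cert shaped like the page's (CN = MAC, OU = model) on a fresh RSA key.
func NewRouterCert(mac, model string) ([]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().AddDate(1, 0, 0)}
	tmpl.Subject.CommonName, tmpl.Subject.OrganizationalUnit = mac, []string{model}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}
```

Two certificates generated for the same MAC but different keys exercise all three outcomes: unknown before pinning, match after, and a refused mismatch for the second one.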
  12. TazUk

    TazUk Network Guru Member

    As for the complaint about support for old hardware, no one can or does support their products forever; there has to come a time when a product is deemed EOL and the resources used to support it are focused elsewhere, such as on new products. This is especially true for SOHO products. Even someone with MS's money/resources cuts support after a certain time, or do you believe they should release an update for Windows 3.1 so it works efficiently on a new Intel Core Duo processor :eek: :tongue:
  13. Toxic

    Toxic Administrator Staff Member

    they do tend to listen a bit more now linksysinfo is here :D

    There you go again guessing. This is not the case. ALL QuickVPN supported routers will have firmware updates. The only difference that I have been told is, the WRV54G which apparently is limited to free space on the flash ROM, cannot support a built-in Certificate Generator, so, talk is that the WRV54G will have an import feature and come with a separate program to create Certificates.

    Users have been told time and time again of your findings, you have gone to great lengths to set up a separate website, and advertise the link on my website (for free might I add) but you have failed to give the full story since QuickVPN has now evolved further than you have reported on your own site.

    Anyway, I am now closing the thread before war breaks out. If you want to bitch more then take it to PM. Don't however PM me. I have explained what is being done and there is no point in further discussion. PM jay, eric or anyone else for that matter but I am not playing baby sitter for you in this thread anymore.