Cyber News - DUHK (Do not Use Hard-coded Keys) is a new 'non-trivial' cryptography implementation vulnerability that allows attackers to recover encryption keys from secure VPN connections and web browsing sessions.
DUHK is the third crypto-related vulnerability reported this month following the KRACK Wi-Fi attack and ROCA factorization attacks.
The vulnerability affects products from dozens of vendors, including Fortinet, Cisco, TechGuard, whose devices rely on ANSI X9.31 RNG - an outdated pseudorandom generation algorithm - 'along with Hard-Coded key seeds'.
Before being removed in January 2016 from the list of FIPS-approved pseudorandom number algorithms, ANSI X9.31 RNG had been incorporated into various cryptographic standards over the past three decades.
Pseudorandom number generators (PRNGs) do not generate any truly random numbers at all. Instead, a PRNG is a deterministic algorithm that produces a sequence of bits from an initial secret value, called a seed, and its current state. The same initial value therefore always yields the same bit sequence.
Some vendors keep these 'secret' seed values hard-coded in their product source code, so anyone who reverse-engineers the firmware can recover them.
Discovered by cryptographic researchers Shaanan Cohney, Nadia Heninger, and Matthew Green, DUHK is a 'state recovery attack': a man-in-the-middle attacker who already knows the seed value can recover the generator's current state value after observing multiple outputs.
With both values in hand, the attacker can recalculate the encryption key, which allows them to recover encrypted data including 'sensitive business data, login credentials, credit card data and other confidential content'.
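An added example, not code from the article or from the researchers, that spells out the mechanism described above in Go using the standard library's AES: one step of the ANSI X9.31 generator, and why a hard-coded key lets an observer who sees a single output derive the generator's next state and so predict what follows. Assumptions: AES-128 as the block cipher, a 16-byte state, timestamp blocks known to the observer, and constructed key and state values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"fmt"
)

// encXor returns AES-128_K(a XOR b) for 16-byte blocks; b == nil means plain E_K(a).
func encXor(K, a, b []byte) []byte {
	c, err := aes.NewCipher(K)
	if err != nil {
		panic(err) // keys in this example are always 16 bytes
	}
	in := append([]byte(nil), a...)
	for i := 0; b != nil && i < 16; i++ {
		in[i] ^= b[i]
	}
	c.Encrypt(in, in) // single block, exact overlap is permitted
	return in
}

// X931Next is one ANSI X9.31 step with AES: I = E_K(T), R = E_K(I ^ V), V' = E_K(R ^ I).
// K is the "seed key" that DUHK-affected products hard-code, V the secret state, T a timestamp block.
func X931Next(K, V, T []byte) (R, Vnext []byte) {
	I := encXor(K, T, nil)
	R = encXor(K, I, V)
	return R, encXor(K, R, I)
}

// StateFromOutput is the property DUHK exploits: V' depends only on K, T and the emitted R, so
// anyone holding K who observes one output (T known or guessed) gets the next state without V.
func StateFromOutput(K, R, T []byte) []byte {
	return encXor(K, R, encXor(K, T, nil))
}

// OutputsPredictable reports whether an observer who believes the key is guessK and has seen the
// first output predicts the second exactly. Timestamp blocks are constructed stand-ins (assumed known).
func OutputsPredictable(K, guessK, V []byte) bool {
	T1, T2 := bytes.Repeat([]byte{1}, 16), bytes.Repeat([]byte{2}, 16)
	R1, V2 := X931Next(K, V, T1)
	R2, _ := X931Next(K, V2, T2)
	predicted, _ := X931Next(guessK, StateFromOutput(guessK, R1, T1), T2)
	return bytes.Equal(R2, predicted)
}

func main() { // constructed values: a vendor's fixed key and a state the observer never sees
	K, V := []byte("hardcoded-key-16"), []byte("device-secret-st")
	fmt.Println(OutputsPredictable(K, K, V), OutputsPredictable(K, []byte("freshly-drawn-k!"), V)) // true false
}
```

The defensive takeaway is the second result: once K is drawn fresh from a real entropy source per device or per boot rather than fixed in the firmware, the same observed output gives the observer nothing.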
"To demonstrate the practicality of this attack, we developed a full passive decryption attack on the FortiGate VPN gateway product using FortiOS version 4," the researchers say.
"Our scan found at least 23,000 devices with publicly visible IPv4 addresses running vulnerable FortiOS versions."
Security researchers have released a brief blog post and a technical research paper on a website specifically for the DUHK attack: https://duhkattack.com