IPSec configurations may be vulnerable to information disclosure (NISCC/IPSEC/004033)

Article Id:
JSA10348
Legacy Advisory Id:
PSN-2005-05-010
Product Affected:
All Juniper Networks M/T/J/E-series routers; all NetScreen firewalls running ScreenOS software.
Problem:
The Internet Protocol Security (IPSec) protocol allows configurations that may be vulnerable to exploits that could result in exposure and interception of plaintext data from within an IPSec session data exchange. For an IPSec implementation to be vulnerable, the IPSec session must be configured with the Encapsulating Security Payload (ESP) protocol in tunnel mode with confidentiality and with no authentication.

For this type of IPSec session, the lack of integrity protection can expose the data stream to attacks that can recover the entire contents of the inner packets protected by IPSec.

More details on this vulnerability can be found at the website links located in the Related Links section of this bulletin.

All Juniper Networks platforms that support IPSec (M/T/J/E-series routers and ScreenOS-based firewalls) can be implemented with the protocol-vulnerable configuration. These configurations, however, are uncommon, are not recommended, and are not part of Juniper Networks default configurations.

Solution:
Customers should avoid an IPSec configuration that uses the ESP protocol in tunnel mode with encryption but with no authentication.

Solution Implementation:

Customers should specifically avoid using the vulnerable configurations shown in the examples below:

1) JUNOS (M/T/J-series routers):

JUNOS IPSec configurations are vulnerable in both dynamic and manual IPSec security associations.

1.1) IPSec dynamic security associations:

JUNOS IPSec configuration syntax varies depending on whether an Encryption Services (ES) PIC or an Adaptive Services (AS) PIC is used for IPSec encapsulation. (Note: The IPSec configuration syntax used in conjunction with the AS PIC is also used in J-series routers, which do not require special PICs for IPSec encapsulation.)

1.1.1) Encryption Services (ES) PIC:

Omission of the authentication-algorithm statement in a JUNOS security ipsec proposal for dynamic security associations results in a protocol-vulnerable configuration. For example:

security {
    ipsec {
        proposal test-proposal {
            protocol esp;
            encryption-algorithm 3des-cbc;
        }  <<< proposal contains no authentication-algorithm statement!
        ...

To avoid the vulnerability, the JUNOS security IPSec dynamic security-association proposal must include one of the following authentication-algorithms:

[edit security ipsec proposal test-proposal-1]
user@router# set authentication-algorithm ?
Possible completions:
  hmac-md5-96          HMAC-MD5-96 authentication algorithm
  hmac-sha1-96         HMAC-SHA1-96 authentication algorithm

1.1.2) Adaptive Services (AS) PIC / J-series:

Omission of the authentication-algorithm statement in a JUNOS services ipsec-vpn ipsec proposal for dynamic security associations results in a protocol-vulnerable configuration. For example:

services {
    ipsec-vpn {
        ipsec {
            proposal test-proposal-2 {
                protocol esp;
                encryption-algorithm 3des-cbc;
            }  <<< proposal contains no authentication-algorithm statement!
            ... 

To avoid the vulnerability, the JUNOS services ipsec-vpn ipsec dynamic security-association proposal must include one of the following authentication-algorithms:

[edit services ipsec-vpn ipsec proposal test-proposal-2]
user@router# set authentication-algorithm ?
Possible completions:
  hmac-md5-96          HMAC-MD5-96 authentication algorithm
  hmac-sha1-96         HMAC-SHA1-96 authentication algorithm

1.2) IPSec manual security associations:

1.2.1) Encryption Services (ES) PIC:

Omission of authentication statements in a JUNOS security IPSec manual security association results in a protocol-vulnerable configuration. For example:

security {
    ipsec {
        security-association test-SA-2 {
            manual {
                direction bidirectional {
                    protocol esp;
                    encryption {
                        algorithm 3des-cbc;
                    }
                }  <<< SA contains no authentication statements!
                ...

To avoid the vulnerability, the JUNOS security IPSec manual security association must include an authentication algorithm and an authentication key:

[edit groups ipsec security ipsec security-association test-SA-2 manual direction bidirectional]
user@router# set authentication algorithm ?
Possible completions:
  hmac-md5-96          HMAC-MD5-96 authentication algorithm
  hmac-sha1-96         HMAC-SHA1-96 authentication algorithm

[edit groups ipsec security ipsec security-association test-SA-2 manual direction bidirectional]
user@router# set authentication key ?        
Possible completions:
  ascii-text           Format as text
  hexadecimal          Format as hexadecimal

1.2.2) Adaptive Services (AS) PIC / J-series:

Omission of authentication statements in a JUNOS services ipsec-vpn manual security-association results in a protocol-vulnerable configuration. For example:

services {
    ipsec-vpn {
        rule rule-1 {
            term term-1 {
                then {
                    manual {
                        direction bidirectional {
                            protocol esp;
                            encryption {
                                algorithm 3des-cbc;
                            }
                        }  <<< SA contains no authentication statements!
                        ...

To avoid the vulnerability, the JUNOS services ipsec-vpn manual security association must include an authentication algorithm and an authentication key:

[edit services ipsec-vpn rule rule-1 term term-1 then manual direction bidirectional]
user@router# set authentication algorithm ?
Possible completions:
  hmac-md5-96          HMAC-MD5-96 authentication algorithm
  hmac-sha1-96         HMAC-SHA1-96 authentication algorithm

[edit services ipsec-vpn rule rule-1 term term-1 then manual direction bidirectional]
user@router# set authentication key ?        
Possible completions:
  ascii-text           Format as text
  hexadecimal          Format as hexadecimal

2) JUNOSe (E-series routers):

In JUNOSe software, use of an IPsec transform set with null authentication results in a protocol-vulnerable configuration. The null authentication options for a JUNOSe ipsec transform set are shown here:

ERX(config)#ipsec transform-set sampleNullAuthTransform ?
  ...
  esp-3des-null-auth         esp-3des-null-auth  <<<
  esp-des-null-auth          esp-des-null-auth  <<<
  ...

In this sample configuration, a transform set uses null authentication, and that transform set is then linked to the tunnel created:

ERX(config)#ipsec transform-set NullAuthTransform esp-3des-null-auth
ERX(config)#interface tunnel ipsec:sampleTunnel
ERX(config-if)#tunnel transform-set NullAuthTransform

Using des encryption would also result in a vulnerable configuration:

ERX(config)#IPSec transform-set NullAuthTransform esp-des-null-auth

Another configuration to avoid is 'wide open' IKE Phase 2 peer identities such as:

ERX(config)#interface tunnel IPSec:sampleTunnel
ERX(config-if)#tunnel peer-identity subnet 0.0.0.0 ?
  A.B.C.D or /N  The IP subnet address mask of the phase II peer identity
ERX(config-if)#tunnel peer-identity subnet 0.0.0.0 /0

Use a tighter address range or host to limit the range of inner IP header addresses allowed.

3) ScreenOS (firewalls):

ScreenOS IPSec configurations are vulnerable in both manual VPN and auto-IKE VPN configurations if using null authentication. The two ScreenOS IPSec VPN configurations to avoid are as follows:

3.1) Manual VPN:

Omission of the authentication method results in a protocol-vulnerable configuration. For example:

ns208-> set vpn vv man 2222 3333 gate 1.1.1.1 esp 3des password 1

To avoid the vulnerability, the ScreenOS manual VPN configuration must include an authentication method and password. For example:

ns208-> set vpn vv man 2222 3333 gate 1.1.1.1 esp 3des password 1 auth sha-1 password 1

3.2) AutoIKE VPN:

Use of null authentication results in a protocol-vulnerable configuration. For example:

ns208-> set ike p2-proposal myp2 esp 3des null

To avoid the vulnerability, the ScreenOS auto-IKE VPN configuration must include an authentication method. For example:

ns208-> set ike p2-proposal myp2 esp 3des sha-1
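As an added example that is not part of this advisory, the following Python script audits a ScreenOS or JUNOSe CLI transcript for the line-oriented configurations called out in sections 2 and 3: manual VPNs without an auth clause, AutoIKE phase-2 proposals with null authentication, *-null-auth transform sets, and the 0.0.0.0 /0 peer identity. The rule wording, prompt handling and the sample transcript (which mixes the advisory's risky commands with their fixed forms and one constructed subnet) are assumptions of this example, not Juniper code.

```python
# Added example (not Juniper code): flag the ScreenOS and JUNOSe command lines this
# advisory says to avoid. Prompts are stripped so pasted CLI transcripts work too.
import re

def risk_reason(cmd):
    """Return why a command is a configuration to avoid, or None if it is fine."""
    t = cmd.split()
    # ScreenOS manual VPN: ESP with encryption but no 'auth' clause
    if t[:2] == ["set", "vpn"] and "man" in t and "esp" in t and "auth" not in t:
        return "ScreenOS manual VPN: ESP without authentication"
    # ScreenOS AutoIKE phase-2 proposal with null authentication
    if t[:3] == ["set", "ike", "p2-proposal"] and "esp" in t and t[-1] == "null":
        return "ScreenOS AutoIKE: ESP with null authentication"
    # JUNOSe transform set built from a *-null-auth transform (keyword case varies)
    if [x.lower() for x in t[:2]] == ["ipsec", "transform-set"] and any(
            x.endswith("-null-auth") for x in t[2:]):
        return "JUNOSe transform-set: null authentication"
    # JUNOSe 'wide open' phase-2 peer identity
    if t[:3] == ["tunnel", "peer-identity", "subnet"] and t[3:] == ["0.0.0.0", "/0"]:
        return "JUNOSe peer-identity: 0.0.0.0/0 allows any inner address"
    return None

def audit(transcript):
    """Return (command, reason) pairs for every risky line in a CLI transcript."""
    findings = []
    for raw in transcript.splitlines():
        cmd = re.sub(r"^\S+[>#]\s*", "", raw.strip())  # drop 'ns208->' / 'ERX(config)#'
        reason = risk_reason(cmd) if cmd else None
        if reason:
            findings.append((cmd, reason))
    return findings

# Constructed transcript mixing the advisory's risky commands with their fixed forms.
SAMPLE = """ns208-> set vpn vv man 2222 3333 gate 1.1.1.1 esp 3des password 1
ns208-> set vpn vv man 2222 3333 gate 1.1.1.1 esp 3des password 1 auth sha-1 password 1
ns208-> set ike p2-proposal myp2 esp 3des null
ns208-> set ike p2-proposal myp2 esp 3des sha-1
ERX(config)#ipsec transform-set NullAuthTransform esp-3des-null-auth
ERX(config-if)#tunnel peer-identity subnet 0.0.0.0 /0
ERX(config-if)#tunnel peer-identity subnet 10.1.0.0 /16"""

for cmd, reason in audit(SAMPLE):
    print(f"{reason}: {cmd}")
```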

Related Links:
Severity Level:
Low
Severity Assessment:
For Juniper Networks M/T/J/E-series routers and for NetScreen firewalls running ScreenOS: Low risk. The exposure stems from the susceptibility of the IPSec protocol itself when it is used in an unauthenticated configuration.