Cisco have released three patch bulletins today http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep15.html for issues affecting their IOS and IOS XE firmware. The most intriguing one on the list is called "RSA based user authentication bypass vulnerability", and from the description, it sounds like key based SSH authentication can be successful "with a crafted private key" if the attacker "knows the userid and the associated RSA public key". Well ... if it were readily possible to "craft" the private key out of a known public key, then most of our Internet crypto protocols would become invalid overnight. Hence, something else must be at the root of this problem, but what exactly, the advisory doesn't say. Probably something embarrassing, like another backdoor or default key.
|
Daniel 385 Posts ISC Handler Sep 23rd 2015 |
Thread locked Subscribe |
Sep 23rd 2015 6 years ago |
"Hence, something else must be at the root of this problem, but what exactly, the advisory doesn't say. Probably something embarrassing, like another backdoor or default key."
...Or a bad PRNG. Somehow I think that might be the case. |
ibell63 3 Posts |
Quote |
Sep 23rd 2015 6 years ago |
I assumed they had done something silly like comparing the client provided key against the configured public key and allowing access if they are equal rather than an actual crypto problem.
|
Anonymous |
Quote |
Sep 25th 2015 6 years ago |
Sign Up for Free or Log In to start participating in the conversation!