Vigil@nce: Cisco ASA, PIX, VPN, enumeration of groupnames
December 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When PSK authentication is used, an attacker can guess valid
identifiers with a brute force attack.
– Severity: 2/4
– Creation date: 30/11/2010
DESCRIPTION OF THE VULNERABILITY
VPN PSK (Pre-Shared Key) authentication uses an identifier and a
password. The identifier is called the "groupname". The
password is called the pre-shared key.
When a VPN client authenticates with an invalid identifier, Cisco
products do not answer. When the identifier is valid, an answer
packet is sent back. An attacker can thus determine whether an
identifier is valid.
Impacted products are:
– Cisco ASA 5500
– Cisco PIX 500
– Cisco VPN 3000 Series Concentrators
When PSK authentication is used, an attacker can therefore guess
valid identifiers with a brute force attack.
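On the defensive side, this probing has a recognisable pattern: one source presenting many distinct groupnames in a short time. The detection sketch below is an added example, not part of the Vigil@nce bulletin; the event tuple layout, the find_enumeration function, the window and threshold values and the sample events are all constructed assumptions and do not reproduce any Cisco log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (assumed layout, not a Cisco log format):
# (timestamp, source IP, groupname presented, did the gateway answer?)
EVENTS = [
    ("2010-11-30T08:00:00", "203.0.113.20", "vpnusers", True),
    ("2010-11-30T10:00:01", "198.51.100.7", "admin", False),
    ("2010-11-30T10:00:03", "198.51.100.7", "sales", False),
    ("2010-11-30T10:00:05", "198.51.100.7", "vpn", False),
    ("2010-11-30T10:00:07", "198.51.100.7", "vpnusers", True),
    ("2010-11-30T10:00:09", "198.51.100.7", "remote", False),
    ("2010-11-30T10:00:11", "198.51.100.7", "test", False),
    ("2010-11-30T12:30:00", "203.0.113.20", "vpnuser", False),  # typo by a user
    ("2010-11-30T12:30:40", "203.0.113.20", "vpnusers", True),
]


def find_enumeration(events, window=timedelta(seconds=60), threshold=5):
    """Flag sources that present >= threshold distinct groupnames inside
    one sliding window. Returns {source_ip: [groupnames the gateway
    answered]}, i.e. the identifiers that source has now confirmed."""
    by_src = defaultdict(list)
    for ts, src, group, answered in events:
        by_src[src].append((datetime.fromisoformat(ts), group, answered))

    findings = {}
    for src, rows in by_src.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans <= `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            distinct = {group for _, group, _ in rows[start:end + 1]}
            if len(distinct) >= threshold:
                # Report every groupname this source saw an answer for.
                findings[src] = sorted({g for _, g, a in rows if a})
                break
    return findings


if __name__ == "__main__":
    for src, confirmed in find_enumeration(EVENTS).items():
        print(f"{src}: enumeration suspected, confirmed groupnames: {confirmed}")
```

The groupnames listed for a flagged source should be treated as disclosed, so the strength of the associated pre-shared key becomes the only remaining barrier.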
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-ASA-PIX-VPN-enumeration-of-groupnames-10166