Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Cisco IOS / IOS XE security advisories - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cisco IOS / IOS XE security advisories

Cisco have released three patch bulletins today http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep15.html for issues affecting their IOS and IOS XE firmware.  The most intriguing one on the list is called "RSA based user authentication bypass vulnerability", and from the description, it sounds like key based SSH authentication can be successful "with a crafted private key" if the attacker "knows the userid and the associated RSA public key".  Well ... if it were readily possible to "craft" the private key out of a known public key, then most of our Internet crypto protocols would become invalid overnight. Hence, something else must be at the root of this problem, but what exactly, the advisory doesn't say. Probably something embarrassing, like another backdoor or default key.

 

Daniel

367 Posts
ISC Handler
"Hence, something else must be at the root of this problem, but what exactly, the advisory doesn't say. Probably something embarrassing, like another backdoor or default key."

...Or a bad PRNG. Somehow I think that might be the case.
ibell63

3 Posts
I assumed they had done something silly like comparing the client provided key against the configured public key and allowing access if they are equal rather than an actual crypto problem.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!