High-Risk Flaw Found In VPN Security Protocol
An easy-to-exploit vulnerability in certain configurations of a widely used VPN protocol suite could allow malicious hackers to intercept network communications believed to be secure, according to a warning from a British security research outfit.
Source: eWeek

A high-risk alert from the U.K.-based NISCC (National Infrastructure Security Co-ordination Centre) pinpointed the flaw in IP Security, the set of protocols used to support secure exchange of packets at the IP layer.
Because IPSec is deployed widely to implement VPNs, most vendor implementations of the protocol are likely to be affected.
The NISCC said the flaw exists only in certain configurations of IPSec that use ESP (Encapsulating Security Payload) in tunnel mode with confidentiality only.
The flaw also affects configurations with integrity protection being provided by a higher layer protocol and some IPSec configurations using the key AH (Authentication Header) protocol to provide integrity protection.
"If exploited, it is possible for an active attacker to obtain the plaintext version of the IPSec-protected communications using only moderate effort," the Center said.
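One way to check a Linux gateway for the ESP configuration the advisory describes, as an added example that is not part of the eWeek article or the NISCC alert: it reads `ip xfrm state` output and flags tunnel-mode ESP security associations that encrypt without any integrity algorithm. The sample dump is constructed, the function names are this example's own, and the AH and higher-layer-integrity cases the advisory mentions are not covered.

```python
# Constructed sample in the layout printed by Linux `ip xfrm state`
# (addresses, SPIs and keys are made up for this example).
SAMPLE = """\
src 192.0.2.1 dst 198.51.100.7
    proto esp spi 0xc0000001 reqid 1 mode tunnel
    enc cbc(aes) 0x00112233445566778899aabbccddeeff
src 198.51.100.7 dst 192.0.2.1
    proto esp spi 0xc0000002 reqid 1 mode tunnel
    auth-trunc hmac(sha256) 0x000102030405060708090a0b0c0d0e0f 128
    enc cbc(aes) 0xffeeddccbbaa99887766554433221100
src 192.0.2.1 dst 203.0.113.9
    proto esp spi 0xc0000003 reqid 2 mode transport
    enc cbc(aes) 0x0f0e0d0c0b0a09080706050403020100
"""

def after(words, key):
    """Return the token that follows `key` on a line, or None."""
    return words[words.index(key) + 1] if key in words[:-1] else None

def parse_sas(text):
    """Split the dump into one dict per security association."""
    sas = []
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "src" and not line[0].isspace():   # unindented line starts an SA
            sas.append({"src": words[1], "dst": words[3], "algs": {}})
        elif sas and words[0] == "proto":
            sas[-1].update(proto=words[1], spi=after(words, "spi"), mode=after(words, "mode"))
        elif sas and words[0] in ("enc", "auth", "auth-trunc", "aead") and len(words) > 1:
            sas[-1]["algs"][words[0]] = words[1]           # e.g. "enc" -> "cbc(aes)"
    return sas

def confidentiality_only(sa):
    """True for ESP tunnel-mode SAs that encrypt but carry no integrity check."""
    algs = sa["algs"]
    encrypts = "enc" in algs and "cipher_null" not in algs["enc"]
    integrity = "aead" in algs or any(
        k in algs and "digest_null" not in algs[k] for k in ("auth", "auth-trunc"))
    return sa.get("proto") == "esp" and sa.get("mode") == "tunnel" and encrypts and not integrity

def audit(text):
    """List (src, dst, spi) for every SA matching the advisory's ESP case."""
    return [(sa["src"], sa["dst"], sa["spi"]) for sa in parse_sas(text) if confidentiality_only(sa)]

if __name__ == "__main__":
    for src, dst, spi in audit(SAMPLE):
        print(f"ESP tunnel SA {src} -> {dst} spi {spi}: encryption without integrity")
```

Any SA it reports should be renegotiated with an integrity algorithm or an AEAD cipher configured in ESP itself.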