what you don't know can hurt you

Viprinet Multichannel VPN Router 300 Identity Verification Fail

Viprinet Multichannel VPN Router 300 Identity Verification Fail
Posted Feb 5, 2016
Authored by Tim Brown | Site portcullis-security.com

Viprinet Multichannel VPN Router 300 fails to verify the remote SSL VPN endpoint identity.

tags | advisory, remote
advisories | CVE-2014-9754, CVE-2014-9755
MD5 | 541e8718c57acb4a09240bf5249f7370

Viprinet Multichannel VPN Router 300 Identity Verification Fail

Change Mirror Download

Vulnerability title: Remote SSL VPN Endpoint Identity Not Verified In Viprinet Multichannel VPN Router 300

CVE: CVE-2014-9754, CVE-2014-9755

Vendor: Viprinet

Product: Multichannel VPN Router 300

Affected version: 2013070830/2013080900

Fixed version: 2014013131/2014020702
Reported by: Tim Brown

In order for the hardware VPN client on the affected device to establish a VPN channel it connects to the remote VPN endpoint and initiates an SSL connection using TLSv1.1. It then initiates the following exchange (protocol version 2):

client> VERSION 3
server> ERROR
client> VERSION 2
server> +OK Protocol version 2 chosen
client> TUNNEL test
server> +OK Tunnel chosen
client> PASS test
server> +OK You are now authenticated
client> CHANNEL test
server> +OK Channel selected
client> DATA

The hardware VPN client does not validate the remote VPN endpoint identity (through the checking of the endpoint’s SSL key) before initiating the exchange.

In this example, we perform a downgrade attack from protocol version 3 to protocol version 2, however as noted in the impact, version 3 of the protocol is similarly affected.

Note: MITRE have assigned CVE-2014-9754 to reference the missing certificate validation and CVE-2014-9755 to reference the protocol downgrade attack.

Further details at: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-9754-cve-2014-9755/

Copyright (c) Portcullis Computer Security Limited 2015, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited.

The information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.


RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2019 Packet Storm. All rights reserved.

Security Services
Hosting By