exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Kerio Control VPN Protocol 9.2.7 Inadequate Cryptography Implementation

Kerio Control VPN Protocol 9.2.7 Inadequate Cryptography Implementation
Posted Dec 6, 2018
Authored by Wolfgang Ettlinger | Site sec-consult.com

Kerio Control VPN Protocol versions 9.2.7 and below have an issue where the cryptographic protocol employed exhibits severe design issues.

tags | advisory, protocol
SHA-256 | d1ff2228600cdc41f9fafb6da994e535fdaaaeb884e11bd2dcc0f93c0c6265d2

Kerio Control VPN Protocol 9.2.7 Inadequate Cryptography Implementation

Change Mirror Download
SEC Consult Vulnerability Lab Security Advisory < 20181205-0 >
=======================================================================
title: Inadequate cryptography implementation
product: Kerio Control VPN protocol
vulnerable version: <=9.2.7
fixed version: 9.2.8
CVE number: -
impact: High
homepage: http://www.kerio.com/products/kerio-control
found: 2018-10
by: W. Ettlinger (Office Vienna)
SEC Consult Vulnerability Lab

An integrated part of SEC Consult
Europe | Asia | North America

https://www.sec-consult.com

=======================================================================

Vendor description:
-------------------
"Protect your network from viruses, malware and malicious activity with Kerio
Control, the easy-to-administer yet powerful all-in-one security solution.

Kerio Control brings together next-generation firewall capabilities -- including
a network firewall and router, intrusion detection and prevention (IPS), gateway
anti-virus, VPN, and web content and application filtering. These comprehensive
capabilities and unmatched deployment flexibility make Kerio Control the ideal
choice for small and mid-sized businesses."

"Link headquarters to remote users and branch offices securely and easily.
Kerioas own VPN tunneling with dead-simple setup requires minimal configuration,
and provides a high performance network connection. Or, use industry-standard
IPsec/L2TP for connectivity from mobile devices or third-party firewalls.
Enable 2-step verification for an extra layer of security on all forms of
remote access."

Source: http://www.kerio.com/products/kerio-control


Business recommendation:
------------------------
During a quick evaluation of the Kerio Control VPN protocol, it was apparent,
that the cryptographic protocol employed exhibited severe design issues.

Generally, SEC Consult strongly recommends to prefer well-established standard
cryptographic protocols rather than proprietary protocols wherever possible
(e.g. DTLS, IPsec). Due to their widespread use, they generally receive much
greater attention by experts. Therefore, many design issues with these protocols
have already been detected and mitigated since.

We therefore recommend businesses to switch from Kerio's proprietary VPN
protocol to a standard protocol (Kerio Control e.g. supports IPsec).

Note that no full audit of Kerio Control, Kerio VPN or the cryptographic
protocol has been conducted. In addition to the vulnerabilities described
here, we already identified critical vulnerabilities in Kerio Control in 2016.
Hence we suspect there are more major security deficiencies in the product.
We therefore recommend GFI software to greatly increase the efforts towards
product security in order to keep customers secure.

We want to explicitly thank GFI for the professional handling of the
communication during this whole process.


Vulnerability overview/description:
-----------------------------------
After a TLS connection is established between the Kerio VPN client and the
Kerio Control appliance and cryptographic keys have been securely transferred
over this connection, the data sent through the VPN is transmitted in UDP
packets. Each of these packets is encrypted using Blowfish in CTR mode.

As this mode does not provide data authenticity, encrypted data that is modified
by an attacker results in predictable modification of the plaintext. More
precisely, bits that are flipped in the ciphertext result in the same bits being
flipped in the plaintext after decryption.

Each encrypted UDP datagram contains a simple checksum (the same checksum used
by IPv4). Assuming an attacker knows the plaintext data of a datagram and is
able to modify its ciphertext, it is trivial to change parts of the message,
e.g. inject content into the encrypted stream, while keeping the resulting
checksum identical.


Proof of concept:
-----------------
SEC Consult provided a proof of concept exploit script to GFI but it has been
removed from this advisory in order to give customers more time to upgrade the
infrastructure.


Vulnerable / tested versions:
-----------------------------
The version 9.2.7 build 2921 was found to be vulnerable. This version was the
latest at the time of discovery and older versions are affected as well.


Vendor contact timeline:
------------------------
2018-10-17: Creating support case at https://gfisoftware.force.com, asking for
security contact
2018-10-17: GFI support: Asking to upload advisory to support portal
2018-10-19: Uploading advisory
2018-10-22: GFI support: Escalated to engineers to further investigate
2018-10-25: GFI support acknowledges vulnerability
2018-11-08: GFI support: Beta version with patch available (with AES 128)
2018-11-09: Asking for release date of the patch
2018-11-12: GFI support proposes 2018-12-05 as a release date for the advisory
2018-11-19: Confirming 2018-12-05 as release date
2018-11-27: GFI releases patched version 9.2.8
2018-11-30: Asking for version number of the release with the fix
2018-12-03: GFI support: version 9.2.8 contains the patch
2018-12-05: Public release of the advisory


Solution:
---------
According to GFI support, both Kerio VPN client and the Kerio Control servers
need to be updated to version 9.2.8 to mitigate this issue. Note that Kerio
Control still supports the vulnerable protocol for backwards compatibility.
According to GFI support, the next version 9.2.9 will drop the support for the
old VPN protocol and will only support the new AES-based protocol.

GFI support described a procedure to verify that only patched versions of the
client are connected to the Kerio Control VPN:
Quote:
1. Open Kerio Control administrative console
2. Click Status from the left sidebar
3. Click VPN Clients
4. Here you have displayed the list of VPN Clients. If the version column is
not visible, right click on the header, select columns and select Version
5. Vulnerable clients are version 9.2.7 or earlier.

Information about the current release can be found here:
http://www.kerio.com/support/kerio-control/release-history


Workaround:
-----------
none


Advisory URL:
-------------
https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab

SEC Consult
Europe | Asia | North America

About SEC Consult Vulnerability Lab
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It
ensures the continued knowledge gain of SEC Consult in the field of network
and application security to stay ahead of the attacker. The SEC Consult
Vulnerability Lab supports high-quality penetration testing and the evaluation
of new offensive and defensive technologies for our customers. Hence our
customers obtain the most current information about vulnerabilities and valid
recommendation about the risk profile of new technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Interested to work with the experts of SEC Consult?
Send us your application https://www.sec-consult.com/en/career/index.html

Interested in improving your cyber security with the experts of SEC Consult?
Contact our local offices https://www.sec-consult.com/en/contact/index.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: research at sec-consult dot com
Web: https://www.sec-consult.com
Blog: http://blog.sec-consult.com
Twitter: https://twitter.com/sec_consult

EOF W. Ettlinger / @2018

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close