Cisco IOS / IOS XE security advisories

Published: 2015-09-23. Last Updated: 2015-09-23 16:53:27 UTC
by Daniel Wesemann (Version: 1)
2 comment(s)

Cisco have released three patch bulletins today (http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep15.html) for issues affecting their IOS and IOS XE firmware. The most intriguing one on the list is called "RSA based user authentication bypass vulnerability", and from the description, it sounds like key-based SSH authentication can succeed "with a crafted private key" if the attacker "knows the userid and the associated RSA public key". Well ... if it were readily possible to "craft" the private key out of a known public key, then most of our Internet crypto protocols would become invalid overnight. Hence, something else must be at the root of this problem, but what exactly, the advisory doesn't say. Probably something embarrassing, like another backdoor or default key.


Comments

"Hence, something else must be at the root of this problem, but what exactly, the advisory doesn't say. Probably something embarrassing, like another backdoor or default key."

...Or a bad PRNG. Somehow I think that might be the case.

I assumed they had done something silly like comparing the client-provided key against the configured public key and allowing access if they are equal rather than an actual crypto problem.
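
The kind of mistake the last comment guesses at, shown next to the check that public-key authentication needs. This is an added example, not code from the diary, its commenters or Cisco, and the advisory does not state the actual root cause. The key is a constructed toy textbook-RSA key with insecure parameters, and all function names are hypothetical.

```python
import hashlib

# Constructed toy key: textbook RSA from two Mersenne primes, no padding.
# Far too weak for real use; it only keeps the example stdlib-only.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the key owner

# Server-side configuration: userid -> public key (n, e). Public by design.
AUTHORIZED = {"admin": (N, E)}


def digest(data: bytes, n: int) -> int:
    """Hash the signed data and reduce it into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def signed_data(session_id: bytes, user: str) -> bytes:
    """Data the client must sign: bound to this session and this userid."""
    return len(session_id).to_bytes(4, "big") + session_id + user.encode()


def client_sign(d: int, n: int, session_id: bytes, user: str) -> int:
    """Client side: only the holder of d can produce this value."""
    return pow(digest(signed_data(session_id, user), n), d, n)


def auth_key_match_only(user: str, offered_pub: tuple) -> bool:
    """Flawed check: the offered key equals the configured one, nothing more."""
    return AUTHORIZED.get(user) == offered_pub


def auth_with_proof(user: str, offered_pub: tuple, session_id: bytes, sig: int) -> bool:
    """Sound check: the key must match AND the signature must verify under it."""
    configured = AUTHORIZED.get(user)
    if configured is None or configured != offered_pub:
        return False
    n, e = configured
    if not 0 < sig < n:
        return False
    return pow(sig, e, n) == digest(signed_data(session_id, user), n)
```

The first function accepts on information that is public by definition. The second also requires a value that only the private exponent can produce, and because the signed data includes the session identifier, a signature captured from one session does not verify in another.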
