Re: [Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in Cisco Clean Access
Well, that sure was informative.

My questions to what the advisory means are below. Can anyone answer or
correct this at all?

On 1/3/07, Cisco Systems Product Security Incident Response Team <> wrote:

Details
=======

Unchangeable Shared Secret
+-------------------------

In order for Cisco Clean Access Manager (CAM) to authenticate to a
Cisco Clean Access Server (CAS), both CAM and CAS must have the same
shared secret. The shared secret is configured during the initial CAM
and CAS setup. Due to this vulnerability the shared secret can not be
properly set nor be changed, and it will be the same across all
affected devices. In order to exploit this vulnerability the
adversary must be able to establish a TCP connection to CAS.


So, other than making a TCP connection to the box, what does the attacker
need? Do they need to get the shared secret off some other box in the same
administrative domain? How is that shared secret protected, is it stored
anywhere else an attacker might have easier access to (e.g. on Clean
Access-managed clients, on the 'readable snapshots' below)?

Unchangeable Shared Secret
+-------------------------

Successful exploitation of the vulnerability may enable a malicious
user to effectively take administrative control of a CAS. After that,
every aspect of CAS can be changed including its configuration and
setup.


For "may", presumably we should read "would, unless he suddenly fell
asleep at the last minute"? Or are there some additional barriers to taking
advantage of a successful exploit?



Readable Snapshots
+-----------------

Manual backups of the database ('snapshots') taken on CAM are
susceptible to brute force download attacks. A malicious user can
guess the file name and download it without authentication. The file
itself is not encrypted or otherwise protected.



Readable Snapshots
+-----------------

The snapshot contains sensitive information that can aid in the
attempts, or be used to compromise the CAM. Among other things, the
snapshot can contain passwords in cleartext. Starting with the
release 3.6.0, passwords are no longer stored in cleartext in the
snapshot files.


So, I read this to mean, the snapshot files are still downloadable without
authentication, still have easily guessable names, and still contain
sensitive information that can aid in an attack (what sensitive
information?), but now the attacker has password hashes against which he has
to do a three hour offline brute force, or perhaps a twenty second rainbow
table lookup, rather than getting the plaintext straight off.

Regards
Mark
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
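The "readable snapshots" item above describes backup files that can be fetched without authentication once their name is guessed. An operator who cannot patch immediately can at least see the guessing happen in the web server's access log. The following is an added example, not code from Cisco or from this thread: it parses Common Log Format lines, flags any source that requests several distinct snapshot-looking names (the name guessing), and lists every successful download of such a file for review. The `/admin/snapshots/` path, the file extensions and the sample log lines are constructed assumptions for the example and should be adjusted to the real deployment.

```python
import re
from collections import defaultdict

# Constructed sample web-server access log in Common Log Format. The
# "/admin/snapshots/" path and the file naming are assumptions for the
# example, not the real CAM layout.
SAMPLE_LOG = """\
10.0.0.5 - - [03/Jan/2007:10:00:01 +0000] "GET /admin/snapshots/20070101.tar.gz HTTP/1.1" 404 512
10.0.0.5 - - [03/Jan/2007:10:00:02 +0000] "GET /admin/snapshots/20070102.tar.gz HTTP/1.1" 404 512
10.0.0.5 - - [03/Jan/2007:10:00:03 +0000] "GET /admin/snapshots/20070103.tar.gz HTTP/1.1" 200 5242880
10.0.0.9 - - [03/Jan/2007:10:05:00 +0000] "GET /admin/login HTTP/1.1" 200 1024
10.0.0.9 - - [03/Jan/2007:10:05:01 +0000] "GET /admin/snapshots/20070101.tar.gz HTTP/1.1" 200 5242880
"""

# Common Log Format: ip ident user [timestamp] "method path protocol" status size
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Assumed naming of backup/snapshot artefacts; tune to what the real
# appliance actually writes.
SNAPSHOT_RE = re.compile(r"/snapshots?/[^/]+\.(?:tar\.gz|tgz|gz|sql|zip)$")


def parse_line(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = CLF_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def analyze(log_text, guess_threshold=3):
    """Return snapshot-name guessing per source IP and every successful snapshot download.

    guessing:  {ip: number of distinct snapshot paths requested}, only for IPs
               at or above guess_threshold (404s and 200s both count: the point
               is that one client is walking through candidate names)
    downloads: [(ip, path)] for every 200 response to a snapshot path, in log order
    """
    distinct_paths = defaultdict(set)
    downloads = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not SNAPSHOT_RE.search(rec["path"]):
            continue
        distinct_paths[rec["ip"]].add(rec["path"])
        if rec["status"] == 200:
            downloads.append((rec["ip"], rec["path"]))
    guessing = {ip: len(p) for ip, p in distinct_paths.items() if len(p) >= guess_threshold}
    return {"guessing": guessing, "downloads": downloads}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for ip, n in result["guessing"].items():
        print(f"ALERT guessing: {ip} requested {n} distinct snapshot names")
    for ip, path in result["downloads"]:
        print(f"REVIEW download: {ip} fetched {path}")
```

On the constructed sample, 10.0.0.5 is reported for guessing (three distinct names, two of them misses) and both successful fetches are listed for review; 10.0.0.9 only requested one snapshot name, so it appears in the download list but not as a guesser. A successful download should be reviewed regardless of whether it was preceded by guessing, because the advisory says the file is served without authentication at all.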
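The closing paragraph contrasts a long offline brute force with a quick precomputed-table lookup. Which of the two applies depends on how the non-cleartext passwords are stored, which the advisory does not say. The following is an added example, not from Cisco or from this thread, that makes the distinction concrete: an unsalted fast hash gives every account with the same password the same digest, so a single precomputed table answers all of them, whereas a per-record random salt with a slow KDF (PBKDF2-HMAC-SHA256 here) gives different digests for identical passwords and forces separate work per record. The user records are constructed.

```python
import hashlib
import hmac
import os

# Constructed sample records; two accounts happen to share a password.
USERS = {"admin": "S3cret!", "ops": "S3cret!"}


def unsalted_md5(password):
    """Weak storage: same password -> same digest, so one precomputed table
    covers every account and every installation."""
    return hashlib.md5(password.encode()).hexdigest()


def store_salted(password, iterations=100_000):
    """Stronger storage: per-record random salt plus a deliberately slow KDF.
    Returns everything needed to verify later."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify_salted(record, password):
    """Recompute with the stored salt and compare in constant time."""
    cand = hashlib.pbkdf2_hmac("sha256", password.encode(),
                               record["salt"], record["iterations"])
    return hmac.compare_digest(cand, record["digest"])


def compare_schemes(users):
    """Return (distinct unsalted digests, distinct salted digests) for the
    given accounts. Identical passwords collapse to one digest only in the
    unsalted scheme."""
    unsalted = {unsalted_md5(pw) for pw in users.values()}
    salted = {store_salted(pw)["digest"] for pw in users.values()}
    return len(unsalted), len(salted)


if __name__ == "__main__":
    print("distinct digests (unsalted, salted):", compare_schemes(USERS))
    rec = store_salted("S3cret!")
    print("verify correct:", verify_salted(rec, "S3cret!"))
    print("verify wrong:  ", verify_salted(rec, "wrong"))
```

If a snapshot were to contain records of the second kind, the attacker who downloaded it would still hold the material for an offline attack, so the unauthenticated download remains the problem to fix; the storage format only changes how much work each recovered record costs.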
