[New: openFATE 309931] Server name/certificate subject validation in EAPOL authentications (NetworkMana
Feature added by: Tamás Németh (nymeadmins)
Feature #309931, revision 1
Title: Server name/certificate subject validation in EAPOL authentications (NetworkMana
openSUSE-11.3: Unconfirmed
Priority
Requester: Important
Requested by: Tamás Németh (nymeadmins)
Description: We, at the Hungarian eduroam community, realized that the lack of this capability in NetworkManager is a VERY SERIOUS threat. In the Eduroam infrastructure it's quite possible that your home radius server's certificate is signed by the same CA as one or some of the numerous radius servers proxying your request, so any of these servers can easily (even accidentally!) open your SSL encrypted TTLS or PEAP tunnel, for example. The problem gets even worse if you don't specify exactly the CA which signed your certificate, but you trust every CA cert in /etc/ssl/certs (a very common scenario). However, since your home radius server's certificate is transmitted as cleartext in the beginning of the PEAP/TTLS communication, it can be easily sniffed with wireshark, and a relatively desperate attacker can purchase his own certificate from your CA. If this attacker deploys his own AP/router/radius server, he can easily read your passwords (in case of TTLS/PAP authentication), or your NTLM password hashes (in case of TTLS/MSCHAPv2 or PEAP/MSCHAPv2). And the sad thing is that this MSCHAPv2 can be cracked VERY EASILY by john ( http://www.openwall.com/john/ ). According to my experience it can be cracked five times faster than old Unix crypt password hashes :((( I managed to crack three out of four real-life passwords in an hour without advanced dictionaries or specific options. One password (consisting of eight digits) was cracked by simple brute force within an hour! ( http://forums.remote-exploit.org/tutorials-guides/13728-tutorial-cracking-le... )
Upstream here: https://bugzilla.gnome.org/show_bug.cgi?id=341323
-- openSUSE Feature: https://features.opensuse.org/309931
Feature changed by: Vladimir Botka (vbotka)
Feature #309931, revision 2
Title: Server name/certificate subject validation in EAPOL authentications (NetworkMana
openSUSE-11.3: Unconfirmed
Priority
Requester: Important
Requested by: Tamás Németh (nymeadmins)
Description: (unchanged; see revision 1)
+ Discussion:
+ #1: Vladimir Botka (vbotka) (2010-06-17 09:56:49)
+ Yes, this is a serious problem. There is no option in wpa_supplicant to authenticate the radius server AFAIK. NetworkManager is just a frontend to the wpa_supplicant. It would be good to cooperate with the upstream on http://hostap.epitest.fi/wpa_supplicant/ .
-- openSUSE Feature: https://features.opensuse.org/309931
Feature changed by: Marcus Meissner (msmeissn)
Feature #309931, revision 3
Title: Server name/certificate subject validation in EAPOL authentications (NetworkMana
openSUSE-11.3: Unconfirmed
Priority
Requester: Important
+ openSUSE-11.4: New
+ Priority
+ Requester: Mandatory
+ Requested by: Marcus Meissner (msmeissn)
Requested by: Tamás Németh (nymeadmins)
Partner organization: openSUSE.org
Description: (unchanged; see revision 1)
Discussion: (unchanged; see revision 2)
-- openSUSE Feature: https://features.opensuse.org/309931
Feature changed by: Ludwig Nussel (lnussel)
Feature #309931, revision 4
Title: Server name/certificate subject validation in EAPOL authentications (NetworkMana
openSUSE-11.3: Unconfirmed
Priority
Requester: Important
openSUSE-11.4: New
Priority
Requester: Mandatory
Requested by: Marcus Meissner (msmeissn)
Requested by: Tamás Németh (nymeadmins)
Partner organization: openSUSE.org
Description: (unchanged; see revision 1)
Discussion:
#1: Vladimir Botka (vbotka) (2010-06-17 09:56:49)
Yes, this is a serious problem. There is no option in wpa_supplicant to authenticate the radius server AFAIK. NetworkManager is just a frontend to the wpa_supplicant. It would be good to cooperate with the upstream on http://hostap.epitest.fi/wpa_supplicant/ .
+ #3: Ludwig Nussel (lnussel) (2010-11-29 11:57:38)
+ http://lizards.opensuse.org/2010/04/20/check-your-wpa2-enterprise-setup/
+ http://www.openwall.com/lists/oss-security/2010/04/22/2
-- openSUSE Feature: https://features.opensuse.org/309931
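As an added example (not part of the feature request, NetworkManager or wpa_supplicant), a small Python audit over a constructed wpa_supplicant.conf that flags the setups the report warns about: TLS-tunnelled EAP networks that either carry no ca_cert at all, or pin a CA but set none of wpa_supplicant's server-name checks (subject_match, altsubject_match, or the later-added domain_suffix_match), so that any certificate issued by a trusted CA would be accepted as the home RADIUS server. The sample config, SSIDs, paths and CN are assumptions made up for the demonstration.

```python
import re

# Constructed sample wpa_supplicant.conf (not from the feature request). Block 1:
# CA bundle but no server name check (the weak setup described); 2: pinned CA and subject; 3: no CA.
SAMPLE_CONF = """
network={
    ssid="eduroam"
    eap=PEAP
    ca_cert="/etc/ssl/certs/ca-certificates.crt"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="eduroam"
    eap=TTLS
    ca_cert="/etc/ssl/certs/example-org-ca.pem"
    subject_match="/CN=radius.example.org"
    phase2="auth=PAP"
}
network={
    ssid="eduroam"
    eap=TTLS
}
"""

TUNNELED_EAP = {"PEAP", "TTLS", "FAST", "TLS"}   # EAP methods that present a server cert
NAME_CHECKS = ("subject_match", "altsubject_match", "domain_suffix_match")

def parse_networks(text):
    """Return one dict per network={...} block, quotes stripped from values."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\}", text, re.S):
        net = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()      # drop comments and blanks
            if "=" in line:
                key, val = line.split("=", 1)
                net[key.strip()] = val.strip().strip('"')
        nets.append(net)
    return nets

def audit(net):
    """Findings for one network block; an empty list means the server is pinned."""
    findings = []
    if not set(net.get("eap", "").upper().split()) & TUNNELED_EAP:
        return findings                               # no TLS tunnel, nothing to check
    if "ca_cert" not in net:
        findings.append("no ca_cert: RADIUS server certificate is not validated")
    if not any(key in net for key in NAME_CHECKS):
        findings.append("no *_match option: any cert from a trusted CA passes as the home RADIUS server")
    return findings
```

Run `audit()` over `parse_networks(open("/etc/wpa_supplicant/wpa_supplicant.conf").read())` to check a real client; a block with a pinned CA and a name check returns no findings.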