Bleichenbacher Attacks on IPsec IKE Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-18-214 Final 1 1 2018-08-27T00:00:00 Current version 2018-08-27T00:00:00 2018-08-27T00:00:00 Two new attacks on IPsec IKE (Internet Key Exchange) were recently disclosed [1], involving multiple ways to perform attacks against IKE signature based and PSK (Pre-Shared Key) authentications. The end goal is to crack IPsec VPN encrypted communications.The relevant CVEs are:CVE-2018-5389: Practical Dictionary Attacks on IPsec IKECVE-2018-0131: Bleichenbacher Attacks on IPsec IKE Information disclosure FortiOS is affected by CVE-2018-5389 when using a Pre-Shared Key as the IKE authentication method in IPsec VPN.FortiOS is not impacted by CVE-2018-0131, since the related IPsec IKE authentication features (PKE/RPKE) are not supported.The following products are not affected by any of the CVEs above: FortiAPFortiAnalyzerFortiSwitch Since CVE-2018-5389 is a protocol level attack enabling dictionary-based brute force cracking, there exists mitigation to disable it altogether, or drastically lower its practical feasibility:1. Choose digital signature authentication (RSA authentication with Certificates) instead of Pre-Shared Key in IKE authentication. This effectively prevents the attack completely.2. If the above is not acceptable given the environment, and Pre-Shared Key has to be chosen, a minimum of 12 high-entropy random ASCII characters should be used as the key (with 20 characters being preferable). This renders the attack unpractical in the current state of computing power available for brute-force cracking. https://fortiguard.fortinet.com/psirt/FG-IR-18-214 Bleichenbacher Attacks on IPsec IKE [1] https://www.ei.rub.de/media/nds/veroeffentlichungen/2018/08/13/sec18-felsch.pdf [1] https://www.ei.rub.de/media/nds/veroeffentlichungen/2018/08/13/sec18-felsch.pdf [2] https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html [2] https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html [3] https://web-in-security.blogspot.com/2018/08/practical-dictionary-attack-on-ipsec-ike.html [3] https://web-in-security.blogspot.com/2018/08/practical-dictionary-attack-on-ipsec-ike.html CVE-2018-0131 CVE-2018-5389 0 https://fortiguard.fortinet.com/psirt/FG-IR-18-214 Bleichenbacher Attacks on IPsec IKE Reference> [1] https://www.ei.rub.de/media/nds/veroeffentlichungen/2018/08/13/sec18-felsch.pdf [1] https://www.ei.rub.de/media/nds/veroeffentlichungen/2018/08/13/sec18-felsch.pdf [2] https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html [2] https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html [3] https://web-in-security.blogspot.com/2018/08/practical-dictionary-attack-on-ipsec-ike.html [3] https://web-in-security.blogspot.com/2018/08/practical-dictionary-attack-on-ipsec-ike.html