Skip to content

Home
Special Alerts


WPA3 Multiple Vulnerabilities: "Dragonblood"
Wednesday, 17 April 2019 12:00

Description:
Researchers has discovered two types of design flaws in WPA3-first leads to downgrade attacks and second to side-channel leaks, which can allow a remote attacker to acquire a weak password, conduct a denial of service, or gain complete authorization. These vulnerabilities have also been referred to as Dragonblood.

CVE Numbers:
CVE-2019-9494/CVE-2019-9495/CVE-2019-9496/CVE-2019-9497/CVE-2019-9498/CVE-2019-9499

Impact:
A downgrade attack against WPA3-Transtition mode can lead to dictionary attacks. A security group downgrade attack, a timing-based side-channel attack, a cache-based side-channel attack, and a resource consumption attack against the WPA3's Dragonfly handshake can be used to recover passwords or cause a DoS.

Solution:
Upgrade wpa_supplicant and hostapd to version 2.8

Available Mitigations:
Mitigations are available for
CVE-2019-9494 https://w1.fi/security/2019-1/
CVE-2019-9495 https://w1.fi/security/2019-2/
CVE-2019-9496 https://w1.fi/security/2019-3/
CVE-2019-9497 https://w1.fi/security/2019-4/
CVE-2019-9498 https://w1.fi/security/2019-4/
CVE-2019-9499 https://w1.fi/security/2019-4/

Reference:
https://www.kb.cert.org/vuls/id/871675/
https://wpa3.mathyvanhoef.com/
https://papers.mathyvanhoef.com/dragonblood.pdf

 
EFAIL Attacks: Vulnerabilities in OpenPGP and S/MIME Leak the Plaintext of Encrypted Emails
Wednesday, 16 May 2018 15:00

Description:
OpenPGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions) are both standards used to digitally sign, encrypt and decrypt emails. The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails. When Email clients are configured to automatically decrypt the content of encrypted emails user receive and are also configured to load external resources automatically, attackers can abuse this behavior to steal messages in plaintext just by sending victim a modified version of the same encrypted email content.

CVE Numbers:
CVE-2017-17688: OpenPGP CFB Attacks
CVE-2017-17689: S/MIME CBC Attacks

Systems Affected:
Email clients supporting the OpenPGP or S/MIME standards are vulnerable to EFAIL attacks. Please refer to the paper (https://efail.de/efail-attack-paper.pdf) for further information.

Mitigations:
To prevent EFAIL attacks, users are advised to
‧ Decrypt S/MIME or PGP emails in a separate application outside of email client
‧ Disable HTML rendering
‧ Disable Remote Content Loading
‧ Apply patches from Email client vendors

Reference:
https://efail.de/
https://efail.de/efail-attack-paper.pdf
https://www.kb.cert.org/vuls/id/122919

 
Meltdown and Spectre Attacks
Sunday, 07 January 2018 00:00

Description:
"Meltdown" and "Spectre" are attacks that exploit hardware vulnerabilities in modern processors. "Meltdown" allows attackers to read arbitrary kernel memory or arbitrary physical memory of the target machines. "Spectre" allows attackers to trick an application into leaking sensitive information stored in memory.


CVE Numbers:
CVE-2017-5753/CVE-2017-5715/CVE-2017-5754

Systems Affected:
System which implements processor that allows memory reads in out-of-order instructions and runs an unpatched operating system is potentially affected by Meltdown. These systems may be Desktop, Laptop, and Cloud computers.

System which implements processor that performs speculative execution from branch prediction is potentially vulnerable to Spectre. These systems may be Desktops, Laptops, Cloud Servers, and Smartphones.

Prevention:
Users are advised to apply security patches available to all affected devices:

  • Windows: Microsoft has released the security update and issued a guidance to mitigate these vulnerabilities.
  • MacOS: Apple had already fixed most of these security holes in macOS High Sierra 10.13.2 last month, but MacOS 10.13.3 will enhance or complete these mitigations.
  • Linux: Linux kernel developers have also released patches by implementing kernel page-table isolation (KPTI) to move the kernel into an entirely separate address space.
  • Android: Google has released security patches for Pixel/Nexus users as part of the Android January Security Patch Update.  Other users have to wait for their device manufacturers to release a compatible security update.
  • Firefox Web Browser: Mozilla has released Firefox version 57.0.4 which includes mitigations for both Meltdown and Spectre timing attacks. Users are advised to update their installations as soon as possible.
  • Google Chrome Web Browser: Google has scheduled the patches for Meltdown and Spectre exploits on January 23 with the release of Chrome 64, which will include mitigations to protect your desktop and smartphone from web-based attacks.
  • VMware: VMware has released a list of its products affected by the two attacks and security updates for its ESXi, Workstation and Fusion products to patch against Meltdown attacks.


Reference:
https://meltdownattack.com/
https://meltdownattack.com/meltdown.pdf
https://spectreattack.com/spectre.pdf
https://thehackernews.com/2018/01/meltdown-spectre-patches.html
https://www.kb.cert.org/vuls/id/584653

 

 

 
WPA2 Key Reinstallation Vulnerabilities

Description:
Key reinstallation attacks or "KRACK" attacks were reported in the WPA2 Wi-Fi protocol. An attacker within range of an affected AP and client may be able to conduct attacks including arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames.

CVE Number:
CVE-2017-13077: Reinstallation of the pairwise key in the Four-way handshake
CVE-2017-13078: Reinstallation of the group key in the Four-way handshake
CVE-2017-13079: Reinstallation of the integrity group key in the Four-way handshake
CVE-2017-13080: Reinstallation of the group key in the Group Key handshake
CVE-2017-13081: Reinstallation of the integrity group key in the Group Key handshake
CVE-2017-13082: Accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it
CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake
CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame


Systems Affected:
The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any Wi-Fi device that uses WPA2 is likely affected.

Mitigation:
1. Users are advised to install updates to affected devices as they are available or contact your vendors directly for update information.

Reference:
https://www.krackattacks.com/
http://www.kb.cert.org/vuls/id/228519

 
Bluetooth Vulnerabilities - "BlueBorne"
Wednesday, 13 September 2017 21:19

Description:
Eight Bluetooth vulnerabilities, dubbed Blueborne, affect the Bluetooth implementations in Android, iOS, Microsoft, and Linux, impacting almost all Bluetooth device types, including smartphones,laptops,IoT devices, and smart cars.
Three of these eight security flaws are rated critical and according to researchers at Armis, the IoT security company that discovered BlueBorne, these vulnerabilities allow attackers to take over devices and execute malicious code, or perform Man-in-the-Middle attacks and intercept Bluetooth communications. Blueborne doesn’t require devices to be paired with the malicious device, or even be set in discoverable mode

CVE Number:
CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, and CVE-2017-0785 for Android devices;
CVE-2017-1000251 and CVE-2017-1000250 for Linux;
CVE-2017-14315 for iOS, and
CVE-2017-8628 on Windows.

Systems Affected:
Windows versions since Windows Vista are all affected. Windows Phone was not vulnerable to BlueBorne. Microsoft has released patches in July for CVE-2017-8628, the details about the fixed vulnerability has been provided in September's Patch Tuesday.

All Linux devices running BlueZ are affected by an information leak, while all Linux devices from version 3.3-rc1 (released in October 2011) are affected by a remote code execution flaw that can be exploited via Bluetooth. Samsung's Tizen OS, based on Linux, is also affected.

All iPhone, iPad and iPod touch devices with iOS 9.3.5 and lower, and AppleTV devices with version 7.2.2 and lower are affected, but the issue was patched in iOS 10.

Prevention:
1. Disable Bluetooth immediately. After applying the patch or update on your device, you should be able to turn Bluetooth on.
2. Users of Android devices can determine if their device is vulnerable by downloading the BlueBorne Android App on the Google Play Store and use it to run a simple and quick check.

Reference:
https://www.bleepingcomputer.com/news/security/blueborne-vulnerabilities-impact-over-5-billion-bluetooth-enabled-devices/
https://arstechnica.com/information-technology/2017/09/bluetooth-bugs-open-billions-of-devices-to-attacks-no-clicking-required/

Last Updated on Monday, 30 October 2017 12:22
 
<< Start < Prev 1 2 3 Next > End >>

Page 1 of 3
[YOUR IP: 54.162.151.77: 37220] ...   [YOUR BROWSER: CCBot/2.0 (https://commoncrawl.org/faq/)] ...