
xauth requirements: vulnerabilities

Sorry to keep hammering on this, but we need to make sure we've fully
specified the requirements before we can reasonably discuss the efficacy
of the proposed solution. I invite the various xauth and xauth/hybrid
authors to contribute to this discussion, since you are the ones
proposing solutions.

So far, the following vulnerabilities have been identified in scenarios
entailing using ipsec for remote access:

(1) A system containing either a password (preshared key) or private key
may be stolen, and the thief may now use the system to impersonate the
owner, and access protected resources.

(2) A system containing either a password (preshared key) or private key
may be otherwise compromised in such a way as to give the attacker
access to the password or private key, without the owner's knowledge.
This means that either a backup containing the information is
stolen/copied, a copy of the system is somehow made without the owner's
knowledge, or the keys are somehow directly extracted. This information
could be used to access protected resources directly, or to mount a
man-in-the-middle attack on subsequent remote access sessions.

(3) Rogue software may be installed on the system without the owner's
knowledge which monitors the user's typing and/or other aspects of any
online session.

Are there other vulnerabilities?