Slashdot Mirror

← Back to Stories (view on slashdot.org)

Flaw Found in VPN Crypto Security

Posted by Zonk on Friday May 13, 2005 @03:28AM from the dire-straights dept.

peeon writes "CNET reports the British National Infrastructure Security Coordination Centre has discovered a flaw in IPSEC protocol. From the article: 'The flaw, which the NISCC rates as "high" risk, makes it possible for an attacker to intercept IP packets traveling between two IPsec devices. They could then modify the encapsulation security payload--a subprotocol that encrypts the data being transported.'"

2 of 106 comments (clear)

Min score:

Reason:

Sort:

Re:Hype Warning by whoever57 · 2005-05-13 03:39 · Score: 3, Interesting

Does this mean that it DOES apply to IPSEC VPNs that are configured with NAT Traversal?

--
The real "Libtards" are the Libertarians!
Moreover by apankrat · 2005-05-13 06:07 · Score: 2, Interesting

Not having integrity protection enabled automatically opens ESP to the replay attacks, which are easier to mount and far more practical than the one described in TFA.

--
3.243F6A8885A308D313