dimanche, mai 15, 2005

Vulnerability in popular VPN technology

Encrypted data could be accessed by hackers, warns UK security body


The UK's national emergency response team, the National Infrastructure Security Coordination Centre, has issued a security alert, warning of a vulnerability in IPsec, a widely used VPN technology. The flaw could potentially allow an attacker to access encrypted communications.


The NISCC rates the vulnerability as high risk. It warns organisations that VPNs using IPsec encryption and tunnelling for remote workers that their data could be at risk.


An attack could exploit the flaw in IPSec configurations to intercept IP packets transmitted between two IPsec devices. Once packets have been intercepted, the encapsulation security payload (the subprotocol used to encrypt the information) can be altered, providing the attacker with a plain text version of the encrypted material.(....)

 

Google
 
Web eurenet.blogspot.com