Cisco warns of hijack code for VPN gear

Cisco warns of hijack code for VPN gear

Cisco Systems Inc. last week warned that hacker software now exists that allows attackers to break into a Cisco-based VPN by intercepting VPN logon/password data.

The hacker code takes advantage of a previously reported vulnerability in Cisco VPN hardware and software, where Group Passwords are used instead of Public Key Infrastructure (PKI) certificates to authenticate a VPN user. The exploit code affects the Cisco VPN 3000 Concentrator, the Cisco VPN client software for Windows and Linux PCs, and the VPN 3002 hardware client - a small appliance for connecting remote PCs to a Cisco VPN through broadband links.

The exploit code could be used to emulate an enterprise VPN termination device, such as the Cisco VPN Concentrator, and glean VPN usernames and passwords from end users. The code could also be used to hijack Cisco VPN connections directly from end users.

According to a Cisco statement, "the Group Password used by the Cisco IPSec VPN client is scrambled on the hard drive, but unscrambled in memory. This password can now be recovered on both the Linux and Microsoft Windows platform implementations of the Cisco IPSec VPN client."

This so-called "man-in-the-middle" attack only affects Cisco VPN gear using Group Passwords. This is considered a less-secure authentication method than PKI certificate exchanges.

Cisco says there are no workarounds for this problem, and recommends that users implement PKI instead of Group Passwords for VPN authentication. The company says it will release software that will fix the Group Password problem on the VPN 3000 Concentrator, client software and hardware client in the third quarter of this year.

The news of hacker software for this Cisco VPN weakness comes a week after Cisco warned of a software flaw that could leave the IPSec VPN Module for the Catalyst 6500 switch and 7600 series router susceptible to a denial-of-service attack.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.


ARN Innovation Awards 2022

Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.

EDGE 2022

EDGE is the leading technology conference for business leaders in Australia and New Zealand, built on the foundations of collaboration, education and advancement.

Show Comments