NEWS The UK's National Infrastructure Security Coordination Centre (NISCC) has issued a serious warning over the safety of IPsec virtual private networks (VPNs).
On its website, NISCC said a flaw in the IPsec VPN protocol could allow hackers to obtain a text version of encrypted communications with only "moderate effort".
The flaw, which NISCC rated as 'high risk', makes it possible for an attacker to intercept IP packets travelling between two IPsec devices and modify the encapsulation security payload - a sub-protocol that encrypts the data being transported. This could ultimately expose this data to an unauthorised third party.
NISCC said: "By making careful modifications to selected portions of the payload of the outer packet, an attacker can effect controlled changes to the header of the inner [encrypted] packet... If these messages can be intercepted by an attacker, then plaintext data is revealed."
NISCC has published a number of solutions to this issue.
Dan Ilett writes for ZDNet UK
Comments
There is 1 comment. Join the discussion
1. Ajaz Poswall @ Diagonal Security
You firstly have to intercept the traffic, capture the data, then make the changes and then continue to packet to its destination.
Takes a lot of time, luck and computing power.
Doesn't sound like a lazy job...