Archive for September 2007

Widespread DH Implementation Weakness: Conspiracy or Ignorance?

While developing an implementation of IKE for our platform, I noticed an astonishing behavior in the servers I was testing against: Not a single IKE implementation, which included products from the biggest names in network infrastructure, was validating the Diffie-Hellman public keys that I sent. A consequence of this is that any deployment of these servers will allow the disclosure of secret information when a peer is in collusion with a passive attacker.


Dibbler Remote Denial of Service Vulnerability

The Mu Security Research Team released advisory “MU-200709-02” today. Details: mu-200709-02.txt


Quagga bgpd Remote Denial of Service Vulnerability

The Mu Security Research Team released advisory “MU-200709-01” today. Details: mu-200709-01.txt
