Re: [Full-disclosure] Default SSL Keys in Multiple Routers
From a security standpoint, it is. But it's easier and probably more cost-effective for the manufacturer. Sometimes the key will be different between firmware versions, sometimes it won't. Sometimes the same key will be used for two different models. It just depends. Some models don't have hard-coded keys, but most of the consumer-grade stuff (and even some of the low-end business stuff) does.

- Craig

On Sun, Dec 19, 2010 at 12:17 PM, Thor (Hammer of God) t...@hammerofgod.com wrote:

> These manufacturers use the same key on each of their models? That seems ridiculous to me...
>
> T
>
> --
> From: Craig Heffner
> Sent: Sunday, December 19, 2010 5:56 AM
> To: full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] Default SSL Keys in Multiple Routers
>
> Many routers that provide an HTTPS administrative interface use default or hard-coded SSL keys that can be recovered by extracting the file system from the device's firmware. The LittleBlackBox project contains a database of over 2,000 (and growing) private SSL keys that are correlated with their respective public certificates, and hardware/firmware versions. While most of these certificates are from DD-WRT firmware, there are also private keys from other vendors including Cisco, Linksys, D-Link and Netgear.
>
> Private keys can be recovered by supplying LittleBlackBox with the corresponding public key. If the public key is not readily available, LittleBlackBox can retrieve the public certificate from a pcap file, live traffic capture, or by directly querying the target host.
>
> LittleBlackBox can be downloaded from http://littleblackbox.googlecode.com. More information is available at http://www.devttys0.com/2010/12/breaking-ssl-on-embedded-devices/.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Default SSL Keys in Multiple Routers
> These manufacturers use the same key on each of their models? That seems ridiculous to me...

As a person who had a Siemens AP / router with a hardcoded, hidden management account on it, I find your surprise entertaining ;-)

Craig, cool project.

/mz
Re: [Full-disclosure] Default SSL Keys in Multiple Routers
LOL. Yeah, it seems like I get myself in this cycle of "OMG, really?" followed by "maybe people are starting to learn" and then back to disappointment. To be honest, this was something that I never really considered (shared, persistent keys on routers). In hindsight, it seems like an obvious concern, but it is still interesting.

t

-----Original Message-----
From: Michal Zalewski [mailto:lcam...@coredump.cx]
Sent: Monday, December 20, 2010 8:16 AM
To: Thor (Hammer of God)
Cc: Craig Heffner; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Default SSL Keys in Multiple Routers

> > These manufacturers use the same key on each of their models? That seems ridiculous to me...
>
> As a person who had a Siemens AP / router with a hardcoded, hidden management account on it, I find your surprise entertaining ;-)
>
> Craig, cool project.
>
> /mz
Re: [Full-disclosure] Default SSL Keys in Multiple Routers
On Sat, Dec 18, 2010 at 7:13 PM, Craig Heffner cheff...@devttys0.com wrote:

> The LittleBlackBox project contains a database of over 2,000 (and growing) private SSL keys that are correlated with their respective public certificates, and hardware/firmware versions. While most of these certificates are from DD-WRT firmware, there are also private keys from other vendors including Cisco, Linksys, D-Link and Netgear.

Most of what I have read so far indicates that these secret keys can be used to sniff only administrative traffic to the device itself.

I have a client who uses a bunch of WRV200's for corp VPN access. They are configured with a shared secret. Wouldn't they use DH with the built-in private key to exchange the shared secret, which would make the VPN traffic itself vulnerable?

Looks like you have the 210 but not the 200, but I bet your tool could pull out the key for the wrv200.

BMF
Re: [Full-disclosure] Default SSL Keys in Multiple Routers
On Mon, Dec 20, 2010 at 4:04 PM, BMF badmotherfs...@gmail.com wrote:

> ...
> Most of what I have read so far indicates that these secret keys can be used to sniff only administrative traffic to the device itself.

right. considering 97.3% of these devices have trivial XSRF, remote access, and other vectors wide open, this (active MitM to HTTPS admin panel on home localnet?) is the least of your concerns.

> I have a client who uses a bunch of WRV200's for corp VPN access. They are configured with a shared secret. Wouldn't they use DH with the built-in private key to exchange the shared secret, which would make the VPN traffic itself vulnerable?

this is ambiguous. what kind of VPN? are you keying the ISAKMP daemon with a shared secret, or is a manual pre-shared key what you're describing? very different levels of privacy and forward secrecy, respectively.

see the IPSec VPN chapter, specifically: Auto (IKE) key exchange method, AES ISAKMP Encryption Method, SHA ISAKMP Authentication Method, 2048 or 4096 ISAKMP DH Group, PFS Enabled, AES IPSec Encryption Method, SHA IPSec Authentication Method, Pre-shared Key for ISAKMP authentication in manual.
Re: [Full-disclosure] Default SSL Keys in Multiple Routers
On Mon, Dec 20, 2010 at 7:04 PM, BMF badmotherfs...@gmail.com wrote:

> On Sat, Dec 18, 2010 at 7:13 PM, Craig Heffner cheff...@devttys0.com wrote:
>
> > The LittleBlackBox project contains a database of over 2,000 (and growing) private SSL keys that are correlated with their respective public certificates, and hardware/firmware versions. While most of these certificates are from DD-WRT firmware, there are also private keys from other vendors including Cisco, Linksys, D-Link and Netgear.
>
> Most of what I have read so far indicates that these secret keys can be used to sniff only administrative traffic to the device itself.
>
> I have a client who uses a bunch of WRV200's for corp VPN access. They are configured with a shared secret. Wouldn't they use DH with the built-in private key to exchange the shared secret, which would make the VPN traffic itself vulnerable?

When using DH for the exchange of the random values, the random value is raised to the group base, i.e., g^a (or g^b) where 'a' is one side's random {16|32|x} bytes. The private key would be used to sign the messages used in the exchange of the material. This scheme is referred to as Ephemeral Diffie Hellman or DH2.

An intermediate with knowledge of a private key could play the role of man in the middle since he/she could forge a signature. So the security properties of the signature over the exchange would be destroyed, and the system would be no more secure than standard DH. And standard DH is vulnerable to MITM.

If the attacker is passive and cannot intercept the messages or assume the role of MITM, then the confidentiality of messages is probably safe. The bad guy would probably not be able to inject messages since, for bulk encryption (i.e., after key exchange), the protocol would switch to an HMAC rather than digital signatures.

But I would not feel good knowing a private key used for signing was in the hands of a [malicious?] third party.

Jeff
[Full-disclosure] Default SSL Keys in Multiple Routers
Many routers that provide an HTTPS administrative interface use default or hard-coded SSL keys that can be recovered by extracting the file system from the device's firmware. The LittleBlackBox project contains a database of over 2,000 (and growing) private SSL keys that are correlated with their respective public certificates, and hardware/firmware versions. While most of these certificates are from DD-WRT firmware, there are also private keys from other vendors including Cisco, Linksys, D-Link and Netgear.

Private keys can be recovered by supplying LittleBlackBox with the corresponding public key. If the public key is not readily available, LittleBlackBox can retrieve the public certificate from a pcap file, live traffic capture, or by directly querying the target host.

LittleBlackBox can be downloaded from http://littleblackbox.googlecode.com. More information is available at http://www.devttys0.com/2010/12/breaking-ssl-on-embedded-devices/.
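The announcement above correlates the certificate a device serves with a private key that ships in firmware, so the defender's check is to see whether the certificates your devices present are shared across hosts or match a list of known default certificates. The following Python is an added example, not code from the post or from the LittleBlackBox project: it fingerprints PEM certificates the way `openssl x509 -fingerprint -sha256` does, groups hosts by fingerprint, and flags matches against a known-default list. The host names, certificate bodies and known-default list are constructed stand-ins; in practice the PEM for each host would come from `ssl.get_server_certificate((host, 443))` and the list from a vetted database of default certificates.

```python
import base64
import hashlib
from collections import defaultdict


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour lines and base64-decode the certificate body."""
    lines = [line.strip() for line in pem.strip().splitlines()]
    body = "".join(line for line in lines if not line.startswith("-----"))
    return base64.b64decode(body, validate=True)


def cert_fingerprint(pem: str) -> str:
    """SHA-256 over the DER encoding, formatted as colon-separated upper-case hex."""
    digest = hashlib.sha256(pem_to_der(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def audit_certificates(certs_by_host: dict, known_default_fps: set) -> dict:
    """Group hosts by served certificate and flag shared or known-default ones.

    Returns {"shared": {fp: [hosts...]}, "known_default": {fp: [hosts...]}}.
    Two hosts serving byte-identical certificates necessarily hold the same
    private key, which is the condition the thread is about.
    """
    by_fp = defaultdict(list)
    for host, pem in certs_by_host.items():
        by_fp[cert_fingerprint(pem)].append(host)
    shared = {fp: sorted(hosts) for fp, hosts in by_fp.items() if len(hosts) > 1}
    known = {fp: sorted(hosts) for fp, hosts in by_fp.items() if fp in known_default_fps}
    return {"shared": shared, "known_default": known}


def _constructed_pem(payload: bytes) -> str:
    """Wrap arbitrary bytes in PEM armour; a constructed stand-in for a real certificate."""
    body = base64.b64encode(payload).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n"


# Constructed sample fleet: two devices ship the same firmware default, one has a per-device cert.
SAMPLE_CERTS = {
    "router-a.lan": _constructed_pem(b"constructed stand-in for a vendor default certificate"),
    "router-b.lan": _constructed_pem(b"constructed stand-in for a vendor default certificate"),
    "router-c.lan": _constructed_pem(b"constructed stand-in for a per-device certificate"),
}
# Constructed known-default list: here it contains just the shared sample certificate.
KNOWN_DEFAULT_FPS = {cert_fingerprint(SAMPLE_CERTS["router-a.lan"])}

if __name__ == "__main__":
    for kind, groups in audit_certificates(SAMPLE_CERTS, KNOWN_DEFAULT_FPS).items():
        for fp, hosts in groups.items():
            print(f"{kind}: {fp} served by {', '.join(hosts)}")
```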
Re: [Full-disclosure] Default SSL Keys in Multiple Routers
These manufacturers use the same key on each of their models? That seems ridiculous to me...

T

From: Craig Heffner
Sent: Sunday, December 19, 2010 5:56 AM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Default SSL Keys in Multiple Routers

> Many routers that provide an HTTPS administrative interface use default or hard-coded SSL keys that can be recovered by extracting the file system from the device's firmware. The LittleBlackBox project contains a database of over 2,000 (and growing) private SSL keys that are correlated with their respective public certificates, and hardware/firmware versions. While most of these certificates are from DD-WRT firmware, there are also private keys from other vendors including Cisco, Linksys, D-Link and Netgear.
>
> Private keys can be recovered by supplying LittleBlackBox with the corresponding public key. If the public key is not readily available, LittleBlackBox can retrieve the public certificate from a pcap file, live traffic capture, or by directly querying the target host.
>
> LittleBlackBox can be downloaded from http://littleblackbox.googlecode.com. More information is available at http://www.devttys0.com/2010/12/breaking-ssl-on-embedded-devices/.
Re: [Full-disclosure] Default SSL Keys in Multiple Routers
Quite interesting. It was one of those things I just assumed was part of the build process. Thanks for the app and info.

t

Sent from my Windows Phone emulator.

From: Craig Heffner
Sent: Sunday, December 19, 2010 10:03 AM
To: Thor (Hammer of God)
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Default SSL Keys in Multiple Routers

> From a security standpoint, it is. But it's easier and probably more cost-effective for the manufacturer. Sometimes the key will be different between firmware versions, sometimes it won't. Sometimes the same key will be used for two different models. It just depends. Some models don't have hard-coded keys, but most of the consumer-grade stuff (and even some of the low-end business stuff) does.
>
> - Craig
>
> On Sun, Dec 19, 2010 at 12:17 PM, Thor (Hammer of God) t...@hammerofgod.com wrote:
>
> > These manufacturers use the same key on each of their models? That seems ridiculous to me...
> >
> > T
> >
> > From: Craig Heffner
> > Sent: Sunday, December 19, 2010 5:56 AM
> > To: full-disclosure@lists.grok.org.uk
> > Subject: [Full-disclosure] Default SSL Keys in Multiple Routers
> >
> > Many routers that provide an HTTPS administrative interface use default or hard-coded SSL keys that can be recovered by extracting the file system from the device's firmware. The LittleBlackBox project contains a database of over 2,000 (and growing) private SSL keys that are correlated with their respective public certificates, and hardware/firmware versions. While most of these certificates are from DD-WRT firmware, there are also private keys from other vendors including Cisco, Linksys, D-Link and Netgear.
> >
> > Private keys can be recovered by supplying LittleBlackBox with the corresponding public key. If the public key is not readily available, LittleBlackBox can retrieve the public certificate from a pcap file, live traffic capture, or by directly querying the target host.
> >
> > LittleBlackBox can be downloaded from http://littleblackbox.googlecode.com. More information is available at http://www.devttys0.com/2010/12/breaking-ssl-on-embedded-devices/.