"These are very significant issues and need to be addressed quickly by people using IPsec," Ed Skoudis, a handler for the Bethesda, Md.-based SANS Internet Storm Center [ISC] and co-founder of Washington, D.C.-based security consultancy Intel Guardians, said by e-mail. "This is really big."
NISCC said three attacks that apply to certain configurations of IPsec have been identified. "These configurations use Encapsulating Security Payload [ESP] in tunnel mode with confidentiality only, or with integrity protection being provided by a higher layer protocol," the advisory said, adding that certain configurations using the Authentication Header [AH] are also vulnerable.
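One way to check a gateway for the configuration the advisory describes, as an added example that is not from NISCC or the article: it assumes a Linux host, where `ip xfrm state` lists the kernel's IPsec security associations, and it flags tunnel-mode ESP SAs that have an encryption algorithm but no ESP integrity algorithm. The sample output, addresses, SPIs and function names are constructed for illustration.

```python
# Constructed sample of `ip xfrm state` output (keys shortened, documentation addresses).
SAMPLE = """\
src 192.0.2.1 dst 198.51.100.7
\tproto esp spi 0xc0ffee01 reqid 1 mode tunnel
\treplay-window 32 flag af-unspec
\tauth-trunc hmac(sha1) 0x0102 96
\tenc cbc(aes) 0x0304
src 192.0.2.1 dst 203.0.113.9
\tproto esp spi 0xc0ffee02 reqid 2 mode tunnel
\treplay-window 32 flag af-unspec
\tenc cbc(aes) 0x0506
src 192.0.2.1 dst 203.0.113.20
\tproto esp spi 0xc0ffee03 reqid 3 mode tunnel
\taead rfc4106(gcm(aes)) 0x0708 128
src 192.0.2.1 dst 203.0.113.30
\tproto esp spi 0xc0ffee04 reqid 4 mode transport
\tenc cbc(aes) 0x090a
"""

def parse_sas(text):
    """Split `ip xfrm state` output into one dict per security association."""
    sas = []
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        if line.startswith("src "):          # unindented line starts a new SA
            sas.append({"src": f[1], "dst": f[3], "algs": set()})
        elif not sas:
            continue
        elif f[0] == "proto":                # "proto esp spi 0x.. reqid N mode tunnel"
            kv = dict(zip(f[0::2], f[1::2]))
            sas[-1].update(proto=kv.get("proto"), spi=kv.get("spi"), mode=kv.get("mode"))
        elif f[0] in ("auth", "auth-trunc", "enc", "aead"):
            # digest_null is the kernel's null authenticator: it provides no integrity.
            if len(f) > 1 and f[1] != "digest_null":
                sas[-1]["algs"].add(f[0])
    return sas

def confidentiality_only(sas):
    """Return tunnel-mode ESP SAs that encrypt but carry no ESP integrity check."""
    return [sa for sa in sas
            if sa.get("proto") == "esp" and sa.get("mode") == "tunnel"
            and "enc" in sa["algs"]
            and not sa["algs"] & {"auth", "auth-trunc", "aead"}]

if __name__ == "__main__":
    for sa in confidentiality_only(parse_sas(SAMPLE)):
        print(f"{sa['src']} -> {sa['dst']} spi {sa['spi']}: ESP tunnel, encryption only")
```

The check covers only the ESP case; it does not identify the AH configurations the advisory also mentions, since the article does not describe them.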
The link for this article located at SearchSecurity is no longer available.