X
Tech
Home Tech Security

Government warns of IPsec VPN flaw

Brief: Companies using IPsec VPNs may be vulnerable to attack, via a flaw in an encryption sub-protocol
Written by Dan Ilett, Contributor

The UK's National Infrastructure Security Coordination Centre (NISCC) has issued a serious warning over the safety of IPsec virtual private networks (VPNs).

On its Web site, NISCC said a flaw in the IPsec VPN protocol could allow hackers to obtain a text version of encrypted communications with only "moderate effort".

The flaw, which NISCC rated as 'high risk', makes it possible for an attacker to intercept IP packets travelling between two IPsec devices and modify the encapsulation security payload — a sub-protocol that encrypts the data being transported. This could ultimately expose this data to an unauthorised third party.

On its Web site, NISCC wrote: "By making careful modifications to selected portions of the payload of the outer packet, an attacker can effect controlled changes to the header of the inner (encrypted) packet…If these messages can be intercepted by an attacker, then plaintext data is revealed."

NISCC has published a number of solutions to this issue.

Editorial standards
Show Comments

Related

logi-ai-prompt-builder-mx-setup

Logitech mouse and keyboard users are getting a free AI upgrade

Linus Torvalds and Dirk Hohndel, Open Source Summit North America 2024

Linus Torvalds takes on evil developers, hardware errors and 'hilarious' AI hype

Placeholder product image alt text

The best AI image generators to try right now