[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Aastra IP Telephone encrypted .tuz configuration file leakage
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Re: Aastra IP Telephone encrypted .tuz configuration file leakage
- From: Timo Juhani Lindfors <timo.lindfors@xxxxxx>
- Date: Mon, 18 Feb 2013 16:13:26 +0200
noreply@xxxxxxxxxx writes:
> Vulnerability fixed in August 2012 release of anacrypt V1.04 encryption tool.
> Available on the www.aastra.com website.
>
> IP Phone Configuration File Encryption Tool - Microsoft Windows (Version
> 1.04, 08/2012, gz) (English, 45.78 KB)
>
> IP Phone Configuration File Encryption Tool - Linux 32 bit (Version 1.04,
> 08/2012, gz) (English, 9.18 KB) IP Phone Configuration File
>
> Encryption Tool - Linux 64 bit (Version 1.04, 08/2012, gz) (English, 9.89 KB)
Hmm, are you perhaps referring to some other vulnerability? It seems to
me that even V1.04 still uses ECB. If an input string that consists of
only the letter "A" repeated 48 times is encrypted using password
"foo123" the ciphertext shows blocks that are a clear sign of ECB:
$ printf AAAAAAAA > 000000000000.cfg
$ printf AAAAAAAA >> 000000000000.cfg
$ printf AAAAAAAA >> 000000000000.cfg
$ printf AAAAAAAA >> 000000000000.cfg
$ printf AAAAAAAA >> 000000000000.cfg
$ printf AAAAAAAA >> 000000000000.cfg
$ anacrypt 000000000000.cfg -p foo123
Reading ./000000000000.cfg
Writing 000000000000.tuz
$ hexdump -C 000000000000.tuz
00000000 55 42 43 7f 80 f8 5c 98 0f fc af 26 9e da 16 8d |UBC...\....&....|
00000010 00 81 57 9f 6f 75 35 30 b6 9d 8a 95 3a 43 2d bb |..W.ou50....:C-.|
00000020 5d ed 1c 34 2b 90 3d 55 11 ed 1c 34 2b 90 3d 55 |]..4+.=U...4+.=U|
00000030 11 ed 1c 34 2b 90 3d 55 11 ed 1c 34 2b 90 3d 55 |...4+.=U...4+.=U|
00000040 11 ed 1c 34 2b 90 3d 55 11 89 b5 8a a6 c8 99 20 |...4+.=U....... |
00000050 c3 ed 1c 34 2b 90 3d 55 11 |...4+.=U.|
00000059
$ anacrypt -h
Provides encryption of the configuration files used for the
family of Aastra IP phones, using 56bit triple-DES and site-specific keys.
Copyright (c) 2005-2012, Aastra Technologies, Ltd.
Copyright (c) 1999, Philip J. Erdelsky
anacrypt version: 1.0.4
Usage:
anacrypt {infile.cfg|-d <dir>} [-p password] [-m] [-i] [-v] [-h]
-d <dir> Specifes that all .cfg files in <dir> should be encrypted
[-p passwords] Specify password used to generate keys
-m Generate MAC.tuz files that are phone specific
-v1 Use version 1 encryption(Compatible with older phone models)
-i Generate security.tuz file
-h Show this help screen