November 14, 2017

Talk about a wild goose chase…

According to a few recently published security blogs and podcasts, there’s a “new” vulnerability out there and it’s a DUHKing whopper.

This “brand new” vulnerability leverages a flaw in the ANSI X9.31 Random Number Generator (RNG) in conjunction with a hard-coded seed key. Attackers who employ the “new” DUHK exploit are able to recover secret encryption keys from vulnerable implementations of FortiOS software.

We wanted to take a moment to explain exactly what’s going on and why we don’t think it’s something most people out there have to worry about.

Who’s vulnerable to DUHK?

According to researchers at Johns Hopkins University (see below), anybody whose VPN uses FortiOS 4.3.0 to FortiOS 4.3.18 is vulnerable to DUHK. The paper says that any encrypted communication passed through the affected VPNs is open to unauthorized decryption. Business data, login credentials, credit card data, you name it, it’s all out in the DUHKing open. (<- see what I did there?)

Should you be worried?

Not if you’ve updated FortiOS beyond 4.3.18.

Turns out, despite all the “sky is falling” news regarding each “flavor of the week” cyber-threat, DUHK’s no spring chicken (heh, another bird pun) and Fortinet’s already plucked its feathers (I promise that’s it).

Fortinet stopped using ANSI X9.31 altogether in 2014 with the initial release of Fortinet 5.X. It’s been a non-issue for the company since 2016 and the release of 4.3.19.

So is DUHK actually all that much of a threat?

No, not really. Its goose was cooked before it could even fly the coop.

However, if you’re a legacy user and still using a version of FortiOS 4.3.X from before November 2016 then, yeah, you might be facing some level of exposure.

The majority of people who’d be affected by this are legacy users. Anyone who’s evolved their security posture and upgraded their software/hardware since then should be absolutely fine and not have to worry.

What’s Security7 recommend?

Update your FortiOS if you’re running anything less than FortiOS 4.3.19. Other than that you’re probably fine.

If you are running FortiOS 4.3.18 or earlier and need more advice, you should contact us. If this isn’t the kind of thing you want to manage on your own, you should be thinking about employing an MSSP or MSP to handle it for you. We can promise you that none of our customers would be this far behind the curve when it comes to running up-to-date software.
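If you have more than a handful of devices, here’s a quick way to sort an inventory against the version ranges above. This is an added example, not Fortinet or Security7 code; the `hostname,version` inventory format, the hostnames and the build tags are constructed for illustration.

```python
import re

# Version boundaries as stated in the article above.
FIRST_AFFECTED = (4, 3, 0)
LAST_AFFECTED = (4, 3, 18)

# Accepts "4.3.18", "v4.3.18" or "FortiOS 4.3.18-<tag>"; skips 4-part values like IPs.
VERSION_RE = re.compile(r"(?<![\d.])v?(\d+)\.(\d+)\.(\d+)(?![\d.])", re.IGNORECASE)

def parse_version(text):
    """Return (major, minor, patch), or None if no three-part version is found."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(text):
    """Map a version string to a triage status using the article's ranges."""
    ver = parse_version(text)
    if ver is None:
        return "unknown"        # unparseable: check the device by hand
    if FIRST_AFFECTED <= ver <= LAST_AFFECTED:
        return "vulnerable"     # inside the range named as affected
    if ver < FIRST_AFFECTED:
        return "update"         # below 4.3.19, so the advice to update applies
    if ver[0] == 4:
        return "fixed"          # 4.3.19 or later on the 4.x line
    return "not-affected"       # 5.X and later: X9.31 dropped per the article

def triage(inventory_csv):
    """Return {status: [hostnames]} for lines of 'hostname,version'."""
    report = {}
    for line in inventory_csv.strip().splitlines():
        host, _, version = line.partition(",")
        report.setdefault(classify(version), []).append(host.strip())
    return report

# Constructed sample inventory (hostnames and build tags are made up).
SAMPLE = """\
vpn-edge-01,FortiOS v4.3.18-build0000
vpn-edge-02,4.3.19
branch-fw-07,v5.2.1
lab-fw-old,4.2.9
dmz-fw-03,unknown firmware
"""

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status:13} {', '.join(hosts)}")
```

Anything that lands in `unknown` needs a manual look rather than an assumption that it’s fine.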

HELPFUL LINKS:

Fortinet DUHK Vulnerability – https://blog.fortinet.com/2017/10/25/the-duhk-vulnerability

DUHK Attacks – https://duhkattack.com/

Johns Hopkins University – https://duhkattack.com/paper.pdf

Carl Keyser is a Digital Marketing Specialist at Integris.
