Information on IPSec configurations using ESP in Tunnel Mode
03/26/2020 20 12601
DESCRIPTION: Information on IPSec configurations using ESP in Tunnel Mode
Weaknesses in certain IPSec configurations using ESP (Encapsulating Security Payload) in Tunnel Mode have been identified where an attacker may effect a controlled change on the header of the inner (encrypted/encapsulated) packet by exploiting a well-known bit-flipping weakness of CBC (Cipher Block Chaining) modes of encryption such as DES, DES3, and AES. This weakness only exists when authentication is not used in the ESP configuration.
The identified weaknesses only exist when ESP is configured to use encryption (confidentiality) only without authentication (integrity). The solution is:
Configure ESP to use both Encryption and Authentication.
SonicWall's Phase I IPSec configuration requires the selection of an authentication component, either SHA-1 or MD5. Phase II configurations allow SHA-1, MD5, and Null methods of authentication. To avoid the potential vulnerability described, select either SHA-1 or MD5 for Phase II authentication on all IPSEC configurations.