OpenVPN - New attack via compression vulnerability (Voracle)

Post by ummeegge » August 18th, 2018, 12:12 pm

Hi all,
I wanted to inform you about a new possible attack called "Voracle" --> https://i.blackhat.com/us-18/Wed-August ... tworks.pdf --> https://www.bleepingcomputer.com/news/s ... nnections/ --> https://www.mail-archive.com/openvpn-de ... 16919.html whereby HTTP traffic sent via encrypted VPN connections can be recovered under certain conditions.

As far as I know there are 5 circumstances needed to decrypt the session key:

Quote from --> https://nordvpn.com/blog/voracle-attack/
  • Attacker needs to be on the same network as you;
  • You need to be using an HTTP connection;
  • You need to be using a browser vulnerable to VORACLE (anything but Chrome);
  • You need to visit a website that the hacker controls;
  • You need to be using OpenVPN with compression engaged.
IPFire does not enable compression by default, but if you did enable it, you should check the list above to see whether you come into consideration for this kind of attack. If so, you should disable the compression on the server but also on the client side.

Greetings,

UE

Post by MarkMHendr » November 29th, 2018, 3:16 pm

Many have heard of the VORACLE problem, which, under certain conditions, allows you to recover HTTP traffic sent through a VPN connection. In essence, VORACLE is not a new attack, but a new variation on the already known cryptographic problems CRIME, TIME and BREACH. Such an attack can still be a formidable weapon when it is turned against some types of VPN traffic. So, according to the expert, VPN clients and services that compress HTTP traffic before encrypting it are vulnerable.
Recently I wrote an article, "vpn server software for windows", in which I did VPN reviews and looked at which ones are at risk.
The VORACLE attack is effective against VPN clients and services built on the basis of OpenVPN. It allows you to decrypt the secrets of HTTP traffic transmitted via VPN. The main purpose of such an attack will be to search for something interesting, be it a cookie, pages with private information or something else.
So, it is enough not to use the OpenVPN protocol and stay away from HTTP sites, since this problem does not affect HTTPS traffic.


Post by ummeegge » November 29th, 2018, 7:35 pm

Great summary, thanks for that.
If you are motivated/interested in that matter, we started in here --> viewtopic.php?f=16&t=21895#p120696 to collect some ideas for possible checks in the OpenVPN server.conf for a, let's say, inventory of the existing :). If you have some further ideas/interest in this topic, or in general for better "best practice" with OpenVPN on IPFire, some exchange might be nice.

UE
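
One possible check for the compression point raised in this thread, as an added example (not code from the posters or from IPFire): it scans an OpenVPN config for `comp-lzo` and `compress` directives, local or pushed to clients, and separates settings that compress data from those that only keep the compression framing. The function name `audit_compression` and the sample config are constructed for illustration; the framing-only classification assumes the semantics of `compress`, `compress stub`/`stub-v2` and `comp-lzo no` as documented in the OpenVPN manual.

```python
import shlex

# Arguments that keep the compression framing but do not compress payloads.
FRAMING_ONLY = {"compress": {"", "stub", "stub-v2"}, "comp-lzo": {"no"}}

# Constructed sample for illustration, not a real IPFire server.conf.
SAMPLE_SERVER_CONF = """\
# OpenVPN server (constructed sample)
port 1194
proto udp
cipher AES-256-GCM
comp-lzo
push "compress lz4-v2"
;compress lzo
compress stub-v2  # framing kept, nothing compressed
"""

def audit_compression(conf_text):
    """Return (line_no, scope, directive, verdict) per compression directive."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        try:
            tokens = shlex.split(raw, comments=True)  # drops '#' comments
        except ValueError:
            continue  # unbalanced quotes: not a line this check can judge
        scope = "local"
        if len(tokens) > 1 and tokens[0] == "push":
            # push "<directive> <arg>" hands the setting to every client
            scope, tokens = "pushed", tokens[1].split()
        if not tokens or tokens[0] not in FRAMING_ONLY:
            continue  # ';'-commented lines end up here as well
        name = tokens[0]
        arg = tokens[1] if len(tokens) > 1 else ""
        verdict = "framing-only" if arg in FRAMING_ONLY[name] else "compressing"
        findings.append((line_no, scope, f"{name} {arg}".strip(), verdict))
    return findings

if __name__ == "__main__":
    for line_no, scope, directive, verdict in audit_compression(SAMPLE_SERVER_CONF):
        print(f"line {line_no}: {scope:6} {directive:18} -> {verdict}")
```

Run it over the server config and over each client config, since a "compressing" finding on either side, or in a pushed option, means compression is still in use on that connection.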