VPNs at risk from security glitch

Filed under
Security

A flaw in a key Internet security protocol used by major networking products could open systems up to denial-of-service (DoS) and other kinds of attacks, experts have warned.

Finnish researchers at the University of Oulu announced Monday that they have found a vulnerability in the Internet Security Association and Key Management Protocol, or ISAKMP. The technology is used in IPsec virtual private network and firewall products from a range of networking companies, including giants Cisco and Juniper.

"These flaws may expose DoS conditions, format string vulnerabilities, and buffer overflows," the advisory said. All these could shut down devices and slow transmission of data across the Internet. In some cases, they could also allow hackers to execute code and hijack a device, NISCC warned.

Full Story.