Kerio Control VPN Vulnerability - Inadequate Cryptography Mechanism

Summary

Kerio Control VPN Vulnerability - Inadequate Cryptography Mechanism

Overview

What is the Vulnerability

Kerio Control VPN encrypts the traffic such that it cannot be changed and nobody can access the details. However, the encryption being used has become obsolete and it has been proven that an attacker can replace the content of the VPN traffic with something else potentially malicious. This is due to the weak cryptography, and effects all versions of Kerio Control less than 9.2.8.
 

How to Identify if vulnerable VPN Clients are connecting to Kerio Control

1. Open Kerio Control administrative console
2. Click Status from the left sidebar
3. Click VPN Clients
4. Here you have displayed the list of VPN Clients. If the version column is not visible right-click on the header, select columns and select Version
5. Vulnerable clients are version 9.2.7 or earlier.

Creating Automatic Alerts

1. Go to Logs (left tab)
2. Select Debug log
3. Right-click on log text and select Messages
4. In the Messages dropdown scroll down to Kerio VPN
5. Select VPN clients
6. Click on OK
7. Now go to Settings (left tab)
8. Select Accounting and Monitoring
9. Select tab Alert Settings
10. Click on Add
11. Enter email address to receive the alert
12. Click Log Message
13. In Name enter: BlowFish VPN Client Connect
14. Log select Debug
15. Condition type in: .*?Cipher configured. Cipher Type:BLF User:.*
16. Tick Use Regular Expression
17. Click OK
18. Click OK in Edit Alerts dialog

Cause

• This is due to weak cryptography (BlowFish) that has been used since the initial release of Kerio Control VPN.

 

Resolution

• Upgrade to Kerio Control 9.2.8 which uses more robust encryption.
• Follow the guide below for instructions on how to upgrade Kerio Control and Kerio Control VPN software to version 9.2.8:
  Upgrading Kerio Control