[cisco-voip] DRS Backup Decrypter - Decrypt Failure After Patching
Pete Brown
jpb at chykn.com
Fri Apr 15 18:25:33 EDT 2016
They're definitely covering the bases on this one. There are a total of 6 Cisco Bug IDs directly related to this. Looks like one for each file on each product that would have contained the plaintext random key. I guess it was only a matter of time. As much as I hate to see this particular door closed, I understand and agree with the logic behind it.
http://www.securityfocus.com/bid/83103/discuss
To those in the DRS group, I apologize for any headache this has caused. But please do not put any additional restrictions in place on unlocking backup data. As customers, we have a legitimate need to access data from backups without having to perform a full restore. Some customers do not have the resources necessary to stand up sandbox environments for restores. Even if they do, an engineer should not have to spend an entire day restoring a system in order to fulfill a voicemail extraction request from legal. That's the reason this program was written to begin with. DRS Message Fisher wasn't updated with an option to open encrypted backup sets by inputting the cluster security password.
Thanks,
Pete
Multiple Cisco Unified Products CVE-2016-1319 Information Disclosure Vulnerability <http://www.securityfocus.com/bid/83103/discuss>
________________________________
From: Pete Brown <jpb at chykn.com>
Sent: Friday, April 15, 2016 3:42 PM
To: cisco-voip at puck.nether.net
Subject: DRS Backup Decrypter - Decrypt Failure After Patching
Looks like the party is going to be over for decrypting backup sets without requiring the cluster security password...
https://quickview.cloudapps.cisco.com/quickview/bug/CSCuv85926
All encrypted DRS backup sets until now have contained a plaintext copy of the randomly generated backup key. It lists the known affected releases as 10.5(2.12901.1), but this goes all the way from 8.0 to 11.5 and affects CUCM, UCON and UCCX. This is how the decrypter has been able to decrypt backup sets without the cluster security password.
Once this is patched, you may no longer be able to decrypt backups even if you type in the correct password. If you run into this, please let me know and I'll work on an update.
Thanks,
Pete
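The design issue described in the quoted message (a plaintext copy of the random backup key stored with the encrypted set) next to a password-wrapped key, as an added example that is not part of the original post and is not Cisco's or the decrypter's code. The metadata layout, the field names and the PBKDF2-plus-XOR wrap (a standard-library stand-in for a real key-wrap algorithm) are assumptions; the actual DRS format is not described on this page.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # constructed work factor for this example

def _derive(password: str, salt: bytes) -> bytes:
    # 64 bytes: the first 32 mask the backup key, the last 32 key the integrity tag
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)

def wrap_key(backup_key: bytes, password: str) -> dict:
    """Build backup metadata that holds the random key only in wrapped form."""
    if len(backup_key) != 32:
        raise ValueError("this example wraps 32-byte keys only")
    salt = os.urandom(16)  # fresh per backup, so the mask is never reused
    derived = _derive(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(backup_key, derived[:32]))
    tag = hmac.new(derived[32:], salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt.hex(), "wrapped_key": wrapped.hex(), "tag": tag.hex()}

def unwrap_key(meta: dict, password: str) -> bytes:
    """Recover the backup key; fails unless the password matches."""
    salt = bytes.fromhex(meta["salt"])
    wrapped = bytes.fromhex(meta["wrapped_key"])
    derived = _derive(password, salt)
    expected = hmac.new(derived[32:], salt + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(meta["tag"])):
        raise ValueError("wrong password or modified metadata")
    return bytes(a ^ b for a, b in zip(wrapped, derived[:32]))

def leaking_fields(meta: dict, backup_key: bytes) -> list:
    """Regression check: names of metadata fields that contain the raw key."""
    needle = backup_key.hex()
    return sorted(name for name, value in meta.items() if needle in str(value).lower())

if __name__ == "__main__":
    key = os.urandom(32)
    flawed = {"cipher": "constructed", "random_key": key.hex()}  # constructed layout
    fixed = wrap_key(key, "example-security-password")
    print("flawed layout leaks:", leaking_fields(flawed, key))
    print("wrapped layout leaks:", leaking_fields(fixed, key))
    print("unwrap with password ok:", unwrap_key(fixed, "example-security-password") == key)
```

A check like `leaking_fields` belongs in the backup writer's test suite, run against every file in a generated backup set with a known key.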