WireGuard / CVE-2019-14899: How secure is the protocol really?

I’ve been using OpenVPN and SSH tunnels for a multitude of scenarios over the years, and recently I’ve been hearing a lot of buzz around the simplicity and security of WireGuard. Now I’ve found some troubling information about CVE-2019-14899:

An attacker that controls your L2 link (i.e., your WiFi or LAN) can send specially crafted packets to your device. The attacker can then use those packets to actively probe for certain properties of the TCP connections originating from your device. In other words, by controlling a device’s access point to the Internet, an attacker can infer if the user is connected to a specific host and port.

Additionally, if a TCP connection is unencrypted inside the VPN tunnel (if you visit a page that uses HTTP instead of HTTPS, for instance), the attacker can inject packets into that specific unencrypted stream. This would allow an attacker to feed your device fake HTML content for that particular stream. That would be dangerous, but as previously stated, the attacker must target a specific TCP connection, so it is not a simple vulnerability to exploit.

Source: https://protonvpn.com/blog/statement-on-cve-2019-14899/

  1. Is this information technically correct?
  2. Some sources on the web also state that anyone controlling the WAN of the server will also be able to take advantage of this flaw. Is it true? Can the server’s ISP exploit this?

Assuming the information is correct:

  1. Why does it matter if the "TCP connection is unencrypted inside the VPN tunnel"? In theory one uses a VPN exactly to get around this issue – to make sure nobody can see the contents of the communication between two machines;
  2. If anyone controlling the client’s LAN can inject packets, how is this even considered a secure protocol? From my understanding, authenticity validation is a must in scenarios like this. The server should be able to check the authenticity of new data instead of blindly accepting it… Isn’t there some kind of key exchange for this?
  3. According to WireGuard’s website, it "mimics the model of SSH and Mosh; both parties have each other’s public keys, and then they’re simply able to begin exchanging packets through the interface." How is a 3rd party (that doesn’t have the right keys) able to impersonate the client and send data, and how does the server then decrypt it using the client’s real key without errors?

It looks to me like the information about the CVE isn’t correct OR WireGuard was so badly designed that it can’t even use a proper key exchange to secure a communication channel.

Thank you in advance.

Does this registry entry for implementing custom protocol handlers in Windows present a security risk?

Background

Some features are not yet available on the web platform and thus require cooperation with a native application in order to provide them. One method for a web application and a native application to communicate with each other is a custom protocol handler.

For instance, the web application can call "mycustomproto://some/params", where "mycustomproto" must first be registered with the operating system as a valid URI protocol. On Windows, this is done in the registry. There are a few keys/subkeys/values etc. that must be added to the registry, but only one actually deals with specifying the executable and its parameter(s).

Note that once the protocol handler is registered with the operating system, it can be launched by any website that knows of its existence, subjecting it to potential abuse.


Example Windows registry value for this purpose

All of the examples that I’ve found documenting this show the following:

C:\myapp.exe "%1"


Primary Question

Assuming that the registered handler (e.g. "myapp.exe") has zero possible security flaws, is the above example registry value sufficient for ensuring that malicious websites are unable to piggyback additional commands and/or arguments?


Clarifications

  • For the purpose of this question, please assume that the protocol handler (e.g. "myapp.exe") is incapable of exposing vulnerabilities of its own – it’s idle – it launches, does nothing, and quits. This question is specifically related to the browser and/or OS and the "execution" of this registry value.
  • Can malicious actors somehow escape out of the "%1" double quotes and cause the browser and/or OS to run additional commands (e.g. && C:\Win32\do-something-malicious.example.exe)?
  • Similarly, can malicious actors somehow send additional arguments to the protocol handler? Or does the "%1" ensure that the handler will only ever receive a single argument?
  • If this registry value is insufficient to only ever call the protocol handler (and nothing more) with a single argument, is there a better way?

some questions on Go-Back-N (GBN) protocol

I was reading a textbook which describes the Go-Back-N (GBN) protocol with Finite State Machines, as the pictures below show (sender and receiver FSM figures, not reproduced here):

where ^ means initial state. So my questions are:

Q1 - This is the interactive animations link to GBN: https://media.pearsoncmg.com/aw/ecs_kurose_compnetwork_7/cw/content/interactiveanimations/go-back-n-protocol/index.html

Let’s say we are sending packet 0, packet 1 and packet 2, and packet 1 is lost before it arrives at the receiver. So when it times out, GBN will make the sender re-send packet 1 and packet 2. And I found an interesting thing: if you try the link with the above scenario and you send packet 3 just before the timeout occurs, this action resets the timer, because you can see the timeout is postponed (otherwise you would see packets 1, 2, 3 flying on screen). But according to the sender’s FSM, after you send packet 3 the timeout occurs immediately, and then the sender will re-send packet 1 and packet 2, but it didn’t happen as the timeout is postponed, which contradicts the fact that the timer only gets reset when base = nextseqnum?

Q2 - On the receiver’s FSM, why does it need to set expectedseqnum = 1 and make a packet based on it? Why can’t we set expectedseqnum = 0 as the only initialization action?

Go-Back-N Protocol not efficient?

Let’s say we have five packets

p1 p2 p3 p4 p5

to be sent sequentially:

and for some reason, p3 got delayed so it is the last packet to arrive at the receiver.

so below is the receiving order on the receiver’s end

p1 p2 p4 p5 p3

and according to the Go-Back-N Protocol, the receiver will only send the acknowledgement of p2 when it receives p5.

then the receiver receives p3 right after p5, and then it sends the acknowledgement of p3 to the sender.

But there will still be a timeout and the sender still has to re-send p4 and p5, even though the receiver did receive all packets. Isn’t this Go-Back-N Protocol really inefficient?
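The two Go-Back-N questions above (the timer behaviour in Q1 and the delayed-p3 scenario just described) both come down to what the textbook sender and receiver FSMs actually do. The following Python simulation is an added example, not part of either post and not the textbook's code; it implements the standard Go-Back-N FSMs (one timer for the oldest unacknowledged packet, cumulative ACKs, out-of-order packets discarded and answered with the previous ACK) and replays both scenarios. The window size of 5 and the arrival orders are constructed inputs, and sequence numbers start at 1 as in the FSM figures.

```python
"""Go-Back-N sender and receiver FSMs, replayed on two constructed scenarios."""


class GbnSender:
    """Sender FSM: one timer for the oldest unACKed packet, cumulative ACKs."""

    def __init__(self, window: int):
        self.window = window
        self.base = 1           # oldest unACKed sequence number
        self.nextseqnum = 1     # next sequence number to use
        self.timer_running = False
        self.log = []           # human-readable trace of FSM actions

    def send(self):
        """rdt_send(data): accept data only while the window is not full."""
        if self.nextseqnum >= self.base + self.window:
            return None         # refuse_data(): window full
        seq = self.nextseqnum
        self.log.append(f"udt_send(pkt{seq})")
        if self.base == self.nextseqnum:
            # The timer is started ONLY when the window was empty, i.e. this
            # packet is now the oldest unACKed one.  Later sends do not touch it.
            self.timer_running = True
            self.log.append("start_timer")
        self.nextseqnum += 1
        return seq

    def receive_ack(self, acknum: int):
        """rdt_rcv(ACK): a cumulative ACK moves base; restart or stop the timer."""
        self.base = acknum + 1
        if self.base == self.nextseqnum:
            self.timer_running = False
            self.log.append("stop_timer")
        else:
            self.timer_running = True
            self.log.append("start_timer")   # restarted, even on a duplicate ACK

    def timeout(self):
        """timeout: resend every packet from base up to nextseqnum-1."""
        resent = list(range(self.base, self.nextseqnum))
        self.log.append(f"timeout -> resend {resent}")
        self.timer_running = True
        return resent


class GbnReceiver:
    """Receiver FSM: deliver only in-order packets, ACK the last in-order one."""

    def __init__(self):
        self.expectedseqnum = 1
        # The FSM's initial make_pkt(0, ACK) exists so that an out-of-order or
        # corrupt *first* packet can still be answered by resending "ACK 0".
        self.last_ack = 0
        self.delivered = []

    def receive(self, seq: int) -> int:
        if seq == self.expectedseqnum:
            self.delivered.append(seq)
            self.last_ack = seq
            self.expectedseqnum += 1
        # Anything else (out of order) is discarded and the previous ACK resent.
        return self.last_ack


def run_delayed_p3_scenario():
    """Five packets sent; p3 is delayed so the receiver sees 1, 2, 4, 5, 3."""
    sender, receiver = GbnSender(window=5), GbnReceiver()
    for _ in range(5):
        sender.send()
    acks = []
    for seq in (1, 2, 4, 5, 3):          # constructed arrival order
        ack = receiver.receive(seq)
        acks.append(ack)
        sender.receive_ack(ack)
    resent = sender.timeout()            # timer for p4 expires: 4 and 5 go again
    for seq in resent:
        sender.receive_ack(receiver.receive(seq))
    return acks, resent, receiver.delivered, sender.timer_running


def run_lost_p2_scenario():
    """p1..p3 sent, p2 lost; p4 is sent just before the timeout fires (Q1)."""
    sender, receiver = GbnSender(window=5), GbnReceiver()
    for _ in range(3):
        sender.send()
    sender.receive_ack(receiver.receive(1))   # p1 arrives, ACK 1
    # p2 is lost: the receiver never sees it
    sender.receive_ack(receiver.receive(3))   # p3 out of order, duplicate ACK 1
    before = sender.log.count("start_timer")
    sender.send()                             # p4 sent while base != nextseqnum
    timer_restarted_by_p4 = sender.log.count("start_timer") > before
    resent = sender.timeout()
    return timer_restarted_by_p4, resent


if __name__ == "__main__":
    print(run_delayed_p3_scenario())   # ([1, 2, 2, 2, 3], [4, 5], [1, 2, 3, 4, 5], False)
    print(run_lost_p2_scenario())      # (False, [2, 3, 4])
```

In the delayed-p3 run the receiver answers p4 and p5 with duplicate ACK 2, and after p3 finally arrives the only way the sender learns about p4 and p5 is the timeout, so both are retransmitted although the receiver had seen them; that redundancy is the price Go-Back-N pays for keeping no receiver buffer. In the lost-p2 run, sending p4 does not restart the timer (base is 2, nextseqnum is 4), so the FSM-faithful outcome is a timeout that resends 2, 3 and 4; the `start_timer` entries in `sender.log` show that the timer is restarted only on ACK arrival or when the window was empty.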

Undetectable Proxy or VPN Protocol

Is there a safe way for creating a proxy, tunnel, or VPN that cannot be detected by the datacenter or ISPs?

I’m living in an oppressive country, but I have access to a VPS with less regulated access to the Internet. I was hoping to find a secure protocol for tunneling my traffic through that VPS without them knowing.

Speed limits and traffic reshaping (like connecting and disconnecting it to look like web browsing burst traffic) are not an issue. I’m just looking for a protocol that can be easily and quickly set up.

I’ve heard that OpenVPN does not limit the ports that can be used, but I’m not sure if that’s enough. I’ve also heard that WireGuard has built-in tools for reshaping the traffic.

FTP server and chroot: SSL3 alert write: fatal: protocol version

When I enable "chroot_local_user=YES" in my FTP server config /etc/vsftpd/vsftpd.conf,
then the FTP client (WinSCP) says:

When it is commented out and "service vsftpd restart" is run, it logs in OK, but allows browsing system directories in /.
This is CentOS 7 Linux.

These are…


TCG-OPAL protocol stack

I’m looking for a TCG-OPAL protocol stack agent that works on the SSD side. I found partial implementations of host-side TCG-OPAL. These open sessions and initiate the commands. I need the side that serves these commands, residing on the SSD. Host-side TCG-OPAL implementations:

  • Drive Trust Alliance: https://github.com/Drive-Trust-Alliance/sedutil
  • Linux source code: https://elixir.bootlin.com/linux/latest/source/block/sed-opal.c

Arthur-Merlin protocol

I recently learned about the Arthur-Merlin protocol, and we defined the complexity classes $AM, MA$.

We have also seen that there exists a theorem stating that $AMAMAM\ldots AM = AM$, however we have not formally defined $AMAMAMAM\ldots AM$.

We did give a brief definition for it as a protocol, but I would like to see a formal definition without protocols, just like $AM$ and $MA$ (and $MAM$).

A definition for $AMA$ should suffice for me, just to get the hang of how it should look.

Thanks!

Attacks on EAP-AKA’ protocol (5g)

I’m doing research on authentication protocols and I’m analyzing the EAP-AKA’ protocol described in RFC 5448, which is one of the three protocols adopted in 5G. I would like to know if there are any known attacks on this protocol, as I can’t find anything among the common research portals.