glnz
join:2006-11-26
New York, NY

glnz

Member

[Modem/Router] Does Heartbleed affect the Actiontec GT784WNV ?

Does Heartbleed affect the Actiontec GT784WNV ?

We have one from Verizon for our Verizon DSL.

I'd like a straight answer for a NON-tech person.

If the Actiontec is affected, what should we do, and when?

Thanks.

tl9
join:2005-05-23
MA

1 edit

1 recommendation

tl9

Member

No.

[Edit] Not likely, but if the authentication process uses affected/compromised servers then the account login name and password would be vulnerable and need changing once the servers are fixed. [/Edit]

glnz
join:2006-11-26
New York, NY

glnz

Member

tl9 - thanks for your fast reply, but that doesn't give me hard information, does it?

So it's possible my Actiontec is affected, and it's also possible Verizon's devices in my internet path are affected.

Well, are they or aren't they? I need to know 100%, not maybe.

And if they are, what do I do, and exactly when do I do it?

No more half answers from anyone - only hard 100% answers.

tl9
join:2005-05-23
MA

1 recommendation

tl9

Member

Ask Verizon then...

glnz
join:2006-11-26
New York, NY

glnz

Member

tl9 - please step aside. Thanks.

I have already called Verizon, spoken with them, and they promised to call me back. How likely is that?

If anyone gets HARD information from the big bureaucracy, please let us know.

WiFiguru
To infinity... and beyond
Premium Member
join:2005-06-21
Seattle, WA

WiFiguru to glnz

Premium Member

to glnz
Yes.

Actiontec gateways use OpenSSL for their GUI, though if the GUI is disabled for public IP space, then I don't think it'll be an issue.

echo "Get HTTP 1.0" | openssl s_client -connect 192.168.1.1:443
CONNECTED(00000003)
depth=0 C = US, CN = ORname_Jungo: OpenRG Products Group
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, CN = ORname_Jungo: OpenRG Products Group
verify return:1
---
Certificate chain
0 s:/C=US/CN=ORname_Jungo: OpenRG Products Group
i:/C=US/CN=ORname_Jungo: OpenRG Products Group

subject=/C=US/CN=ORname_Jungo: OpenRG Products Group
issuer=/C=US/CN=ORname_Jungo: OpenRG Products Group
---
No client certificate CA names sent
---
SSL handshake has read 827 bytes and written 424 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: ...
Session-ID-ctx:
Master-Key: ...
Start Time: 1367218703
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)

Here's something from the web:

$ openssl x509 -in ORname_Jungo\:OpenRGProductsGroup -noout -fingerprint
SHA1 Fingerprint=43:88:33:C0:94:F6:AF:C8:64:C6:0E:4A:6F:57:E9:F4:D1:28:14:11

$ openssl x509 -in ORname_Jungo\:OpenRGProductsGroup -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, CN=ORname_Jungo: OpenRG Products Group
Validity
Not Before: Jun 3 11:11:43 2004 GMT
Not After : May 29 11:11:43 2024 GMT
Subject: C=US, CN=ORname_Jungo: OpenRG Products Group
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE, pathlen:5
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment,
Data Encipherment, Certificate Sign
X509v3 Extended Key Usage:
TLS Web Client Authentication, Code Signing, E-mail
Protection, TLS Web Server Authentication
Netscape Comment:
Jungo OpenRG Products Group standard certificate
Netscape Cert Type:
SSL Client, SSL Server, SSL CA
Signature Algorithm: md5WithRSAEncryption
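
Added example, not part of WiFiguru's post: a small filter that reads `openssl s_client` output like the session above and lists the settings a reviewer would flag. The function name, the finding labels and the abridged sample (copied from lines of the post) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: flag weak TLS settings in saved `openssl s_client` output.
# Live use: openssl s_client -connect 192.168.1.1:443 -tlsextdebug </dev/null 2>&1 | audit_sclient

audit_sclient() {
    awk '
    /^Server public key is [0-9]+ bit/ {
        # RSA keys under 2048 bits are considered too short today
        if ($5 + 0 < 2048) print "WEAK-KEY " $5 "-bit server key"
    }
    /Secure Renegotiation IS NOT supported/ { print "NO-SECURE-RENEG" }
    /^ *Protocol *: *(SSLv3|TLSv1|TLSv1\.1) *$/ { print "OLD-PROTOCOL " $NF }
    /^ *Verify return code: 18 / { print "SELF-SIGNED certificate" }
    # Printed only with -tlsextdebug; means the heartbeat extension is
    # offered, not that the build is vulnerable.
    /TLS server extension "heartbeat"/ { print "HEARTBEAT-ADVERTISED" }
    '
}

# Constructed sample: abridged lines taken from the output in the post.
sample_report() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Verify return code: 18 (self signed certificate)
EOF
}

sample_report | audit_sclient
```

None of these findings is Heartbleed itself; they describe the age of the gateway's TLS stack and its shared vendor certificate.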

glnz
join:2006-11-26
New York, NY

glnz

Member

 
Dear WiFiGuru - Many thanks, and wow! But ... what does it mean? I'm proud to be a NON-tech. (Or at least resigned to it.)

There's a lot of "Jungo" and "Open RG" and "ORName" - is that what needs to be fixed? And who would supply the fix? And how would I install it?

My Actiontec says:
"Current Firmware Version: GT784WN-VZ-1.1.12"
If I click on
"The Upgrade file for upgrading firmware may be obtained here"
it prompts me to save a file called gt784wn-vz-1.1.6.img from »www.actiontecsupport.com.
But that seems to be a LOWER-OLDER subversion number than what I already have. (Isn't .6 lower than .12 for these purposes?)

And I have my Actiontec set up nicely for WPA-PSK with MAC filtering and OpenDNS as the outgoing DNS and don't want to re-do all of that unless I know 100% that the upgrade fixes the Heartbleed issue.

ALSO - let's talk about Verizon's own servers. As my internet signals pass through Verizon's circuits, some of which are Juniper (per a conversation many years ago with a Vz tech), aren't they going through vulnerable circuits and devices?

AND - my personal email is [MyEmailName]@Verizon.net, and when I turn on my email app on my home PC, I have to give my own password for each Vz account or sub-account. Are the Vz email servers secure?

Since you seem to be knowledgeable, are you able to tell?
coryw
join:2013-12-22
Flagstaff, AZ

coryw to glnz

Member

to glnz
For your modem: Even if it's using a version of OpenSSL that's vulnerable, if you haven't opened the administration interface to the world, then it should be completely fine. Heartbleed works when an attacker requests a very very long answer to a heartbeat request. Probably the best answer is here: »xkcd.com/1354/

For your connection: The BRAS (which is a server that accepts your DSL user name and password and further connects you to the Internet) might be compromised if somebody knows the address to it and traffic is routable to it outside of Verizon's private management network. My guess is two things:

1) the BRAS might not even be using OpenSSL. (or it's using a version so old it doesn't have this particular vulnerability)
2) The BRAS will not directly accept traffic from the Internet at large. Somebody inside Verizon would have to do it.

The other thing to note is that regular switches don't really have much in the way of computing horsepower and are probably not running OpenSSL. This bug is really something targeting web servers.

A good resource is here: »mashable.com/2014/04/09/ ··· ffected/ where they list web sites that have announced you'll need to change your password.
smcallah
join:2004-08-05
Home

smcallah to glnz

Member

to glnz
Routers and switches in your path do not exchange data over SSL connections. Any routers and switches would only have SSL for management connections to admin the router/switches, not in the path of customer traffic.

Even if a hacker compromised a router through Heartbleed (very unlikely that Verizon has mgmt access open to the public Internet), he would have a very hard time seeing your traffic. Any of your SSL traffic traversing the router is encrypted, because the router is not the endpoint. And unless the hacker has physical access to plug in a sniffer and capture packets off of the router, he is not going to be able to see your traffic. Routers are able to forward very large amounts of packets because they don't look at the contents, only the headers. To look at the contents, you must be able to physically plug in a tapped cable with a sniffer present to capture packets to analyze offline.

Smith6612
MVM
join:2008-02-01
North Tonawanda, NY

1 recommendation

Smith6612 to glnz

MVM

to glnz
I believe we should be checking against Port 4567 and other backdoor CWMP management ports Verizon has. Something like that is of equal concern as some script running on a computer trying to get data from the local router.

glnz
join:2006-11-26
New York, NY

glnz

Member

 
Smith - I'm not technically knowledgeable enough to follow your post above. Is there anything I should be doing to my Actiontec GT784WNV ?

Port 4567 is indeed being forwarded in my Actiontec.

It says

Applied Port Forwarding Rules
START/END PORT: 4567
PROTOCOL: TCP
LAN IP ADDRESS: -
START/END PORT REMOTE: 4567
REMOTE IP ADDRESS: -

Thanks.
coryw
join:2013-12-22
Flagstaff, AZ

1 recommendation

coryw

Member

I have an ActionTec Q1000 for another provider. I went ahead and SSH'd into it and checked.

I have an ActionTec C1000a I could also connect and check, but let's be honest, the GT784WR is pretty old. It's likely on an equally old version.

OpenSSL> version
OpenSSL 0.9.7f 22 Mar 2005

My guess is that your router is likely safe from Heartbleed.
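
Added example, not part of coryw's post: the version check done by eye above, written as a shell function. It encodes the upstream OpenSSL releases known to carry Heartbleed (1.0.1 through 1.0.1f, plus 1.0.2-beta1); the function name, result labels and sample lines other than the 0.9.7f string are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: classify an `openssl version` line for Heartbleed exposure.
# Affected upstream releases: 1.0.1 through 1.0.1f, and 1.0.2-beta1.
# Older branches (0.9.x, 1.0.0x) never shipped the TLS heartbeat code.

heartbleed_status() {
    # $1: full version line, e.g. "OpenSSL 0.9.7f 22 Mar 2005"
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2 }')
    case "$ver" in
        "")
            echo "unknown" ;;          # not an OpenSSL version line
        1.0.1|1.0.1-*|1.0.1[a-f]|1.0.1[a-f]-*)
            echo "affected" ;;         # also catches suffixes like 1.0.1e-fips
        1.0.2-beta|1.0.2-beta1)
            echo "affected" ;;
        1.0.1[g-z]*|1.0.2*)
            echo "fixed" ;;            # 1.0.1g and later carry the bounds check
        0.*|1.0.0*)
            echo "not-affected" ;;     # predates heartbeat support
        1.[1-9]*|[2-9].*)
            echo "not-affected" ;;     # branches released after the fix
        *)
            echo "unknown" ;;
    esac
}

# The version string reported from the Q1000 in the post above.
heartbleed_status "OpenSSL 0.9.7f 22 Mar 2005"
```

An "affected" result is a prompt to look closer, not a verdict: some distributions backported the fix without changing the version letter, so check the build date from `openssl version -a` or the package changelog.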