1 00:00:00,000 --> 00:00:03,730 [Translated by {Iikka}{Yli-Kuivila} (ITKST56 course assignment at JYU.FI)] 2 00:00:03,730 --> 00:00:31,339 *33C3 preroll music* 3 00:00:31,339 --> 00:00:35,200 Herald: Welcome back to the festival stage, still day two according to my 4 00:00:35,200 --> 00:00:40,970 clock, even though I have lost all sense of time by now, I don't know. It's like a 5 00:00:40,970 --> 00:00:45,440 kind of rush year with so many great talks, and we'll have the next super 6 00:00:45,440 --> 00:00:52,640 awesome talk held by Jiska, Gerbert and Matthias. And those three lovely people 7 00:00:52,640 --> 00:00:59,780 will be showing us something about VPNs. So-called very pwnable networks and why 8 00:00:59,780 --> 00:01:05,989 your VPN might not be as secure as you think or have been led to believe. And 9 00:01:05,989 --> 00:01:10,909 this is not only important for the people that think like, haha, I'm behind seven 10 00:01:10,909 --> 00:01:15,829 proxies. You can't catch me. But also, maybe if your employer says, please use 11 00:01:15,829 --> 00:01:21,179 this VPN client and there might be some surprises waiting for you. And this is 12 00:01:21,179 --> 00:01:26,350 again, a pre-recording, and afterwards I can already see them here in our tools, 13 00:01:26,350 --> 00:01:32,490 but afterwards we will do a Q&A session. So if you have any questions, put them 14 00:01:32,490 --> 00:01:40,859 into the IRC or on Twitter or Mastodon with the hashtag #rc3cwtv. And our lovely 15 00:01:40,859 --> 00:01:46,366 Signal Angel will collect them and we'll see each other after the pre-recording. 16 00:01:46,366 --> 00:01:48,459 Jiska: Everyone and welcome to the talk 17 00:01:48,459 --> 00:01:56,170 Very Pwnable Network which is by Gerbert, Matthias and me. So how did all start? 18 00:01:56,170 --> 00:02:02,369 Well, I got a little bit paranoid last year and I just thought it might be a good 19 00:02:02,369 --> 00:02:08,510 idea to encrypt a lot because Wi-Fi, LTE, TLS it might be intercepted, might be 20 00:02:08,510 --> 00:02:14,420 decrypted. So we should encrypt like everyone is watching and so I should use a 21 00:02:14,420 --> 00:02:20,110 VPN on top. And then the next trust assumption was that I connect to my 22 00:02:20,110 --> 00:02:26,740 university's network every day, so I should trust this one anyway. And if I 23 00:02:26,740 --> 00:02:30,710 trust this network, then I could also use this network and their professional VPN 24 00:02:30,710 --> 00:02:36,060 service. I hear you laughing, I hear laughing but so this was my idea because 25 00:02:36,060 --> 00:02:42,570 then there is no additional thing that I trust during my network activity. And 26 00:02:42,570 --> 00:02:47,610 well, they had this nice AnyConnect line that just works on all operating systems. 27 00:02:47,610 --> 00:02:53,250 So it also sounds like a great product name for a secure product like AnyConnect. 28 00:02:53,250 --> 00:03:00,180 Yeah. And then I started using this on my mobile devices, right? And then suddenly I 29 00:03:00,180 --> 00:03:06,440 got crash logs and it looked like this. So I mean, if you're paranoid, you obviously 30 00:03:06,440 --> 00:03:11,840 look into your crash logs every two days and one of these crash logs was this one. 31 00:03:11,840 --> 00:03:17,170 It didn't really look nice the address looks a bit strange, and you also have 32 00:03:17,170 --> 00:03:21,850 some trace of the crashed thread. And if you log this into IDA and do a little bit 33 00:03:21,850 --> 00:03:25,540 of reverse engineering, you can also add some function names in the AnyConnect 34 00:03:25,540 --> 00:03:31,540 extension, the AC extension and the crash is somewhere when it applies VPN config 35 00:03:31,540 --> 00:03:37,160 somewhere in the - in the tunnel buffers. I don't know. So - and then also, the 36 00:03:37,160 --> 00:03:44,220 address looks strange because the address is IP version four backwards and then a 37 00:03:44,220 --> 00:03:52,020 few days later I got another crash and this crash read like 68k New Line. And so 38 00:03:52,020 --> 00:03:56,670 it really looked like some configuration strings that were crashing at certain 39 00:03:56,670 --> 00:04:02,110 addresses, so it really didn't look good. But I also didn't have that much time. So 40 00:04:02,110 --> 00:04:06,940 I just wrote Cisco and said, like, so do you mean to serious like, is your client 41 00:04:06,940 --> 00:04:13,180 really crashing that often? Because every time I do my laundry, I have bad Internet 42 00:04:13,180 --> 00:04:20,370 connectivity, so my any - my AnyConnect client starts to crash at weird addresses. 43 00:04:20,370 --> 00:04:26,889 And while this is like an issue for code execution, the other issue is that if you 44 00:04:26,889 --> 00:04:30,950 just jam a few packets over the air, then an attacker might be able to disconnect 45 00:04:30,950 --> 00:04:38,360 the victim from a VPN. So that is also an issue. So because the AnyConnect client is 46 00:04:38,360 --> 00:04:44,010 not properly included in the operating system iOS, and that means that you would 47 00:04:44,010 --> 00:04:48,130 just reconnect and send your messages in plaintext over the network and the user 48 00:04:48,130 --> 00:04:52,440 does not get any notification. It's just a VPN symbol that has gone and all traffic 49 00:04:52,440 --> 00:04:58,030 is sent in plaintext. And I wanted to analyze this a little bit further and 50 00:04:58,030 --> 00:05:01,590 there is a debugging option in the AnyConnect client. But since it's in the 51 00:05:01,590 --> 00:05:07,480 client that crashes, the logs are just gone. If you have a crash and even worse 52 00:05:07,480 --> 00:05:12,340 also the operating system crash logs in iOS are missing if you have the debugging 53 00:05:12,340 --> 00:05:19,180 option enabled. And well they answered: "We cannot reproduce this". I mean, 54 00:05:19,180 --> 00:05:23,520 obviously they didn't help me with my laundry or anything so they could not 55 00:05:23,520 --> 00:05:30,230 reproduce. And even worse, they ignored the ticket for a long time until we said 56 00:05:30,230 --> 00:05:37,100 we are going to present this at this year's CCC congress. And then 10 days 57 00:05:37,100 --> 00:05:40,520 before the talk they claimed that they had fixed two out of the three crashes and 58 00:05:40,520 --> 00:05:44,400 were asking if we could reproduce the crashes or not. But just a day before they 59 00:05:44,400 --> 00:05:51,510 said like they were not sure and so on. So it was really a weird ticket there and I 60 00:05:51,510 --> 00:05:55,040 have no idea if things are fixed or not, because to reproduce, I obviously need 61 00:05:55,040 --> 00:05:59,949 like tinfoil. I need like a couple of smart phones with the AnyConnect client 62 00:05:59,949 --> 00:06:04,250 installed, and then I need to walk around and hope that the Internet connection 63 00:06:04,250 --> 00:06:08,060 breaks and that it breaks in a way that produces a crash. So this is just way too 64 00:06:08,060 --> 00:06:17,030 random. I also told Apple and Apple just said, Well, the issue is that the client 65 00:06:17,030 --> 00:06:21,590 crashes so it's not really their department, even though it's the network 66 00:06:21,590 --> 00:06:28,840 extension that crashes. So it's not their task here to notify the user. It's just 67 00:06:28,840 --> 00:06:33,300 the VPN that is gone. And then you send data in plaintext and this is all right. 68 00:06:33,300 --> 00:06:41,170 This is the expected behavior. So I got a bit annoyed and stopped using VPNs, but I 69 00:06:41,170 --> 00:06:47,240 also had the idea to find students who might look into this. And well, you know 70 00:06:47,240 --> 00:06:52,369 what happens when you find very motivated students, they find vulnerabilities. And 71 00:06:52,369 --> 00:06:54,590 this is what this talk is going to be about. 72 00:06:54,590 --> 00:06:59,930 Gerbert: So we had a look at the Cisco AnyConnect client for Linux and found some 73 00:06:59,930 --> 00:07:04,460 interesting things. Shortly after publishing our findings, several news 74 00:07:04,460 --> 00:07:09,929 articles popped up. But what happened between the crashes of Jiska and these 75 00:07:09,929 --> 00:07:17,810 articles? VPN is interesting because it is such an old research topic. However, the 76 00:07:17,810 --> 00:07:23,110 importance of the technology was later increased by the corona pandemic. Many 77 00:07:23,110 --> 00:07:29,639 companies had to relocate to home offices to meet the safety measures. VPN allows 78 00:07:29,639 --> 00:07:36,240 users from outside to access internal resources of the company or university. To 79 00:07:36,240 --> 00:07:42,690 connect to a VPN server, additional client software is usually required. Besides open 80 00:07:42,690 --> 00:07:49,020 source products, such as openVPN, a lot of closed source software is offered on 81 00:07:49,020 --> 00:07:55,400 the market. Especially in the enterprise sector. The users are forced to trust this 82 00:07:55,400 --> 00:08:01,930 software, install a black box in their system in order to connect to a network. 83 00:08:01,930 --> 00:08:09,009 AnyConnect secure mobility client from Cisco is an enterprise software solution. 84 00:08:09,009 --> 00:08:13,650 AnyConnect can be classified as a remote access client that allows end-users to 85 00:08:13,650 --> 00:08:21,550 connect to a network that supports SSL VPN and also IPsec. When using SSL VPN the 86 00:08:21,550 --> 00:08:29,510 authentication and the establishment of a VPN tunnel is carried out via an SSL or 87 00:08:29,510 --> 00:08:35,650 TLS tunnel. The software acts as a fat client that communicates with the VPN 88 00:08:35,650 --> 00:08:42,329 server via HTTPS. As already mentioned the source code for AnyConnect is not publicly 89 00:08:42,329 --> 00:08:48,500 available. The application is distributed with compiled binaries and libraries. 90 00:08:48,500 --> 00:08:54,210 Although the application is documented, it does not cover internal functionality. 91 00:08:54,210 --> 00:08:59,160 Even the vulnerability disclosures, which are published in public advisories, do not 92 00:08:59,160 --> 00:09:04,630 go into much technical detail. Therefore there is only limited knowledge about the 93 00:09:04,630 --> 00:09:10,890 application and its internal behavior. We have set ourselves the goal to examine 94 00:09:10,890 --> 00:09:19,649 AnyConnect for Linux and iOS in a recent version. The main functionality of 95 00:09:19,649 --> 00:09:25,380 AnyConnect is the establishment of VPN connections, but this is only the tip of 96 00:09:25,380 --> 00:09:31,680 the iceberg. AnyConnect also connects numerous other features, to name a few: 97 00:09:31,680 --> 00:09:37,230 The distribution and execution of scripts on host systems, automatically updating 98 00:09:37,230 --> 00:09:43,470 the software without asking the user for permission. Another feature is host scan: 99 00:09:43,470 --> 00:09:49,310 it does not integrate into AnyConnect, but it is considered as a standalone software. 100 00:09:49,310 --> 00:09:54,180 It works together with the AnyConnect infrastructure and makes it possible to 101 00:09:54,180 --> 00:10:00,550 read out extensive system information of the host and transmit them to VPN server. 102 00:10:00,550 --> 00:10:08,870 The related work of AnyConnect is based on Cisco's public advisories and blog entries 103 00:10:08,870 --> 00:10:14,660 from certain security researchers. Therefore, we decided to list and 104 00:10:14,660 --> 00:10:21,470 categorize all vulnerabilities since 2011. On this diagram, we see a list of 105 00:10:21,470 --> 00:10:27,430 vulnerabilities per year, ordered by severity. Most of the time reported 106 00:10:27,430 --> 00:10:33,290 vulnerabilities are classified as medium, but even critical vulnerabilities were 107 00:10:33,290 --> 00:10:44,010 disclosed in 2011 and 2012. The increased numbers in 2015 and 2016 caused numerous 108 00:10:44,010 --> 00:10:51,380 vulnerabilities of libraries such as OpenSSL. The vulnerabilities were then 109 00:10:51,380 --> 00:10:57,420 divided into categories and illustrated in the diagram. Cryptographic vulnerabilities 110 00:10:57,420 --> 00:11:04,370 are the most common as AnyConnect uses OpenSSL and vulnerabilities in OpenSSL are 111 00:11:04,370 --> 00:11:10,050 also vulnerabilities in AnyConnect. However, excluding the third-party 112 00:11:10,050 --> 00:11:15,770 vulnerabilities, the category of most vulnerabilities affecting AnyConnect would 113 00:11:15,770 --> 00:11:21,510 be privilege escalations. Closely followed by denial of service attacks, which are 114 00:11:21,510 --> 00:11:26,110 often directed against the running application in order to disrupt the VPN 115 00:11:26,110 --> 00:11:33,110 connection. Overflow vulnerabilities or version downgrades 116 00:11:33,110 --> 00:11:37,920 These results gave us a little insight about the flaws of the past. 117 00:11:37,920 --> 00:11:43,279 Matthias: So before we will pass over to the reversing parts, we want to give you a 118 00:11:43,279 --> 00:11:50,540 quick experience report regarding Cisco's licensing support. Cisco ASA is a typical 119 00:11:50,540 --> 00:11:55,589 server endpoint for Cisco AnyConnect, which is available as hardware appliance 120 00:11:55,589 --> 00:12:03,430 and also as a virtual version running on, for example, VMware. At the beginning of 121 00:12:03,430 --> 00:12:08,089 our research, we tried to obtain an official evaluation license for Cisco 122 00:12:08,089 --> 00:12:14,270 ASAv, while never hiding the purpose of wanting to use it for security research. 123 00:12:14,270 --> 00:12:21,290 Therefore our naive approach was to just write the Cisco licensing support. It was 124 00:12:21,290 --> 00:12:25,880 more or less like: Hi, we are doing security research on the Cisco AnyConnect 125 00:12:25,880 --> 00:12:32,130 clients. Could you offer us free evalution licenses for Cisco ASAv? Cisco replied: 126 00:12:32,130 --> 00:12:38,220 Sure. Please let me know the amount of licenses that you need. At that point, we 127 00:12:38,220 --> 00:12:43,290 were a bit surprised because it just seemed a bit too easy. But then we had 128 00:12:43,290 --> 00:12:50,170 three 60-day licenses added to our account. But as soon as we tried to 129 00:12:50,170 --> 00:12:55,940 download the ASAv image for VirtualBox, we got this error. Maybe some kind of error 130 00:12:55,940 --> 00:13:00,930 on the license was not applied correctly, because if you have the license for 131 00:13:00,930 --> 00:13:06,209 products, you can of course download it, right? Um yeah, but it seemed that our 132 00:13:06,209 --> 00:13:11,090 approach was a little bit naive and we underrated the complexity of enterprise 133 00:13:11,090 --> 00:13:20,939 software licensing. So it was a bit unsatisfying. But we had an idea. We asked 134 00:13:20,939 --> 00:13:26,120 the data center of our university for help as university was using Cisco AnyConnect 135 00:13:26,120 --> 00:13:32,829 too. But we never got any response. We still had some options, but at some point 136 00:13:32,829 --> 00:13:38,540 we just gave up. G: As there is no proper documentation for 137 00:13:38,540 --> 00:13:44,230 AnyConnect yet, it was initially necessary to understand the application and to 138 00:13:44,230 --> 00:13:49,690 filter out its central components. Therefore, we had no choice but to reverse 139 00:13:49,690 --> 00:13:58,649 engineer the application. We analyzed the application files and network traffic. 140 00:13:58,649 --> 00:14:03,980 In order to better understand the applica- tion we used standard tools like Ghidra 141 00:14:03,980 --> 00:14:09,560 for static code analysis. The Ghidra is able to decompile the source code of the 142 00:14:09,560 --> 00:14:15,899 compiled binary or library. For dynamic application analysis we used tools like 143 00:14:15,899 --> 00:14:22,740 Frida, Burp and Wireshark. Frida can be used to attach to running processes and to 144 00:14:22,740 --> 00:14:28,470 understand the program flow. Burp was used as a proxy to view and modify https 145 00:14:28,470 --> 00:14:35,899 messages, and Wireshark is used to capture and decrypt message traffic. Let's take a 146 00:14:35,899 --> 00:14:41,390 closer look at the binaries of all the files first. AnyConnect comes with a large 147 00:14:41,390 --> 00:14:45,890 number of binaries. While reversing we could identify three central parts of the 148 00:14:45,890 --> 00:14:52,160 application: vpnui is a binary a user interacts with. It offers the graphical 149 00:14:52,160 --> 00:14:58,570 user interface, where the user can make simple settings or initiate a VPN 150 00:14:58,570 --> 00:15:05,339 connection. The second binary is vpnagentd. It runs as a daemon in the 151 00:15:05,339 --> 00:15:11,670 background at all times, even when no VPN connection is open. The special thing 152 00:15:11,670 --> 00:15:17,680 about vpnagentd is that it runs as a root process and always listens on a static 153 00:15:17,680 --> 00:15:25,130 port. Its purpose is to set up the VPN tunnel and the network configuration of 154 00:15:25,130 --> 00:15:32,899 the host system. This includes setting up routes or DNS servers. The third and last 155 00:15:32,899 --> 00:15:38,040 binary is the vpndownloader. As the name hints, the purpose of the binary is to 156 00:15:38,040 --> 00:15:43,570 download additional files when establishing a VPN connection. This 157 00:15:43,570 --> 00:15:51,020 includes VPN profiles, help files and scripts. The binary exchanges data with 158 00:15:51,020 --> 00:15:59,819 each other via inter-process communication or short IPC. The IPC takes place via TCP 159 00:15:59,819 --> 00:16:05,840 sockets. The binary data format for - that Cisco has defined is used to exchange the 160 00:16:05,840 --> 00:16:15,670 messages on the TCP sockets. In addition to the binaries, AnyConnect also contains 161 00:16:15,670 --> 00:16:20,960 numerous libraries. Many of them are ports of existing open source libraries like 162 00:16:20,960 --> 00:16:29,620 OpenSSL. The most important libraries are shown on this slide: libvpnapi.so contains 163 00:16:29,620 --> 00:16:35,670 interfaces and functions for the backend logic of user interfaces. The goal of the 164 00:16:35,670 --> 00:16:41,089 library is that it com - that companies can create their own VPN applications 165 00:16:41,089 --> 00:16:47,240 using the AnyConnect infrastructure. It is the only library for which documentation 166 00:16:47,240 --> 00:16:54,420 is actually provided by Cisco. Libvpncommoncrypt serves as a wrapper for 167 00:16:54,420 --> 00:17:01,430 OpenSSL and NSS libraries. NSS is similar to OpenSSL and is used by browsers like 168 00:17:01,430 --> 00:17:07,860 Mozilla Firefox to enable SSL and TLS connections. It also provides its own 169 00:17:07,860 --> 00:17:16,709 certificate store. Libvpncommon is another central library used by all binaries. It 170 00:17:16,709 --> 00:17:23,189 provides classes and functions for the IPC logic. It can be used to create, send or 171 00:17:23,189 --> 00:17:30,290 validate lPC messages. The next library, libvpnagentutilities, contains classes and 172 00:17:30,290 --> 00:17:36,700 functions that handle critical operations, such as host network settings. This 173 00:17:36,700 --> 00:17:45,150 library is only used by vpnagentd. Besides the binaries and libraries there are a 174 00:17:45,150 --> 00:17:51,720 variety of other relevant files that we have taken a closer look at. AnyConnect 175 00:17:51,720 --> 00:17:59,420 offers an AnyConnect local policy XML file. This file regulates various security 176 00:17:59,420 --> 00:18:04,420 configurations. For instance, it can be used to specify that no further files may 177 00:18:04,420 --> 00:18:11,740 be downloaded or that version updates may be carried out by a VPN server. In its 178 00:18:11,740 --> 00:18:15,840 default configuration it is very permissive so that almost everything is 179 00:18:15,840 --> 00:18:20,911 allowed. The file is not overwritten by updates and cannot be modified by VPN 180 00:18:20,911 --> 00:18:30,830 servers. The VPN profile is also in XML format: it contains further settings. The 181 00:18:30,830 --> 00:18:36,960 green highlighted line shows an EnableScripting-tag with a boolean value 182 00:18:36,960 --> 00:18:43,820 of false. Indicating that scripts should not be executed by the host system. 183 00:18:43,820 --> 00:18:50,200 Profile files are distributed by a VPN server. And are overwritten the next time 184 00:18:50,200 --> 00:19:00,450 a user connects and changes them. The last file is VPNManifest.dat which has a binary 185 00:19:00,450 --> 00:19:05,940 data format that contains the version number of AnyConnect. This file is used to 186 00:19:05,940 --> 00:19:11,800 check the installed version of AnyConnect before an version update. In addition to 187 00:19:11,800 --> 00:19:19,290 all these files, the message traffic also plays a central role. The establishment of 188 00:19:19,290 --> 00:19:24,870 a VPN connection is structured in three phases. Phase one is the authentication. 189 00:19:24,870 --> 00:19:33,750 The user enters the IP or domain of a VPN server in vpnui. The target server is then 190 00:19:33,750 --> 00:19:41,490 sent via IPC message to vpnagentd. As a response vpnui receives various system 191 00:19:41,490 --> 00:19:48,679 information back. This includes the operating system or a whole study. 192 00:19:48,679 --> 00:19:53,790 Afterwards this information and the credentials are sent to the VPN server 193 00:19:53,790 --> 00:20:04,160 with HTTPS. The ASA returns server parameters in a HTTPS response. Let's take 194 00:20:04,160 --> 00:20:10,150 a closer look at the request and the response. On the left side, you can see 195 00:20:10,150 --> 00:20:15,840 the request. It is an ordinary post request with an XML in which the 196 00:20:15,840 --> 00:20:22,220 credentials are transferred. The credentials are marked in green. 197 00:20:22,220 --> 00:20:28,130 On the right side we see the response. The response contains the session token, which 198 00:20:28,130 --> 00:20:33,420 is also marked in green. In addition, the response contains the URLs to all 199 00:20:33,420 --> 00:20:40,210 downloadable files and the hashes. The orange marked string is one of the 200 00:20:40,210 --> 00:20:47,580 downloadable files. The download phase is the second phase of the VPN connection set 201 00:20:47,580 --> 00:20:55,620 up. First vpnui executes the vpndownloader binary. Then the server parameters from 202 00:20:55,620 --> 00:21:03,144 the previous HTTPS response are transferred to the vpndownloader via IPC. 203 00:21:03,144 --> 00:21:09,620 The URLs are extracted from the IPC message and when the files are downloaded 204 00:21:09,620 --> 00:21:18,310 to a temporary directory via HTTPS. The downloader process informs the vpnagentd 205 00:21:18,310 --> 00:21:24,320 via IPC to move the files to the application directory. In the third and 206 00:21:24,320 --> 00:21:31,010 final phase of VPN connection set up, vpnui sends an IPC message to vpnagentd 207 00:21:31,010 --> 00:21:36,850 with the request to establish a VPN tunnel. Subsequently, the exchange of 208 00:21:36,850 --> 00:21:44,145 tunnel parameters takes place via HTTPS. After the parameters have been set by 209 00:21:44,145 --> 00:21:50,640 vpnagentd the VPN session continues. Let's take a closer look at the tunnel 210 00:21:50,640 --> 00:21:57,970 parameters. On the left side, we can see the request. In the first line you can 211 00:21:57,970 --> 00:22:03,990 observe the HTTP connect method. Usually this method is used to proxies to forward 212 00:22:03,990 --> 00:22:10,080 the request to the target server. Within the request, the session token is 213 00:22:10,080 --> 00:22:15,530 specified in the cookie header. This is the same session token we received in the 214 00:22:15,530 --> 00:22:22,330 authentication phase. The different tunnel parameters transmitted in separate HTTP 215 00:22:22,330 --> 00:22:30,160 headers. The part marked in red represents the local IP address of the host. On the 216 00:22:30,160 --> 00:22:35,660 right, you can see a response to the request. For example, the X-CSTP-Address 217 00:22:35,660 --> 00:22:43,470 header contains the IP address that the host should apply on its tunnel interface. 218 00:22:43,470 --> 00:22:50,060 In the part marked in red we now also see the DNS server for the VPN 219 00:22:50,060 --> 00:22:56,090 connection. In addition, the address ranges that should be routed via the VPN 220 00:22:56,090 --> 00:23:04,402 server as specified in the X-CSTP-Split- Include header. Now that we have a general 221 00:23:04,402 --> 00:23:09,569 understanding of the application, let's move on to the vulnerability research. We 222 00:23:09,569 --> 00:23:15,919 have performed an design analysis for AnyConnect in which we looked at the IPC 223 00:23:15,919 --> 00:23:21,729 messages in more detail. We need to define certain security assumptions and an 224 00:23:21,729 --> 00:23:26,400 attacker model before we search for vulnerabilities. This slide shows several 225 00:23:26,400 --> 00:23:33,020 of our assumptions. Cryptographic algorithms within the application are 226 00:23:33,020 --> 00:23:39,460 considered secure and cannot be broken in exponential time. An attacker cannot read 227 00:23:39,460 --> 00:23:44,679 or modify messages regardless of their position, and we assume that the VPN 228 00:23:44,679 --> 00:23:51,170 server does not pursue any malicious intent and only sends valid messages that 229 00:23:51,170 --> 00:23:56,780 are protocol compliant. We assume a local attacker who is already able to execute 230 00:23:56,780 --> 00:24:01,460 commands on the system and the attackers goal is to compromise the confidentiality, 231 00:24:01,460 --> 00:24:08,340 integrity and availability of the system or application. Privilege escalation 232 00:24:08,340 --> 00:24:13,830 vulnerabilities are also covered since they allow an attacker to compromise these 233 00:24:13,830 --> 00:24:20,550 three security objectives. Cisco decided to include an auto update feature in the 234 00:24:20,550 --> 00:24:27,929 application. AnyConnect is able to receive AnyConnect updates through a VPN server 235 00:24:27,929 --> 00:24:32,470 without any user interaction. In its default configuration AnyConnect can be 236 00:24:32,470 --> 00:24:38,740 updated by a VPN server that offers a newer version. From a security 237 00:24:38,740 --> 00:24:44,950 researcher's perspective auto update sounds promising, right? So let's take a 238 00:24:44,950 --> 00:24:49,510 closer look at the auto update feature. First, the vpndownloader downloads an 239 00:24:49,510 --> 00:24:57,010 executable installer and the shell script called vpndownloader.sh. Then 240 00:24:57,010 --> 00:25:03,630 vpndownloader.sh is executed. The Shell script contains an archive and unpacks 241 00:25:03,630 --> 00:25:09,380 itself to extract a new version of the vpndownloader. An IPC message is then sent 242 00:25:09,380 --> 00:25:15,740 to the vpnagentd asking it to start the installer. The vpnagentd does not start 243 00:25:15,740 --> 00:25:21,429 the installer directly. Instead the vpnagentd calls the vpndownloader with 244 00:25:21,429 --> 00:25:28,059 root privileges, which in turn calls the installer. Before executing the installer 245 00:25:28,059 --> 00:25:35,100 vpndownloader verifies and validates it. We got an idea: Is it possible to install 246 00:25:35,100 --> 00:25:40,909 an outdated version through forged IPC messages? As shown in the picture the 247 00:25:40,909 --> 00:25:47,780 attacker needs an old signed installer and sends the IPC message to vpnagentd asking 248 00:25:47,780 --> 00:25:53,679 to execute the old installer. The vpnagentd calls the vpndownloader as 249 00:25:53,679 --> 00:25:58,710 usual, which in turn calls the attacker's installer. There is no check whether the 250 00:25:58,710 --> 00:26:05,289 installer is more recent than the installed version. This makes the version 251 00:26:05,289 --> 00:26:10,720 downgrade therefore possible. The advantage of downgrading to an outdated 252 00:26:10,720 --> 00:26:15,650 version is that an attacker could force the installation of a version which 253 00:26:15,650 --> 00:26:21,179 suffers from security vulnerabilities and the attacker could then exploit these 254 00:26:21,179 --> 00:26:28,520 vulnerabilities. We reported the vulnerability to Cisco's product incident 255 00:26:28,520 --> 00:26:34,020 response team and it was fixed at the end of September. The vulnerability only 256 00:26:34,020 --> 00:26:42,390 received a CVSS score of 3.1 and was therefore rated with a low severity. The 257 00:26:42,390 --> 00:26:47,959 vulnerability was only exploitable in the Linux version. Windows and Mac versions 258 00:26:47,959 --> 00:26:54,600 were already secured against such an attack. Another functionality we had - we 259 00:26:54,600 --> 00:26:59,720 have looked into is the deployment and execution of scripts. They call it "Bring 260 00:26:59,720 --> 00:27:05,730 your own script". This functionality is intended to deploy very helpful scripts to 261 00:27:05,730 --> 00:27:11,350 staff computers. In order for a script to be executed, it must meet two criterias. 262 00:27:11,350 --> 00:27:16,880 First, it must be located in the script folder and begin with OnConnect or 263 00:27:16,880 --> 00:27:24,150 OnDisconnect as a file name. Second, the EnableScripting tag in profile which is 264 00:27:24,150 --> 00:27:31,760 sent by the server must be set to true. Depending on the file name, scripts are 265 00:27:31,760 --> 00:27:37,002 triggered after VPN connection is established and terminated. As VPN server 266 00:27:37,002 --> 00:27:42,980 can distribute profiles in which the execution of scripts is enabled and also 267 00:27:42,980 --> 00:27:48,289 distributes the scripts: these two in combination allow VPN server to gain 268 00:27:48,289 --> 00:27:54,410 remote code execution on the connecting clients. This functionality poses a major 269 00:27:54,410 --> 00:27:59,299 problem because humans often need to trust the university's VPN servers and have no 270 00:27:59,299 --> 00:28:05,539 other choice. But let's take a closer look at the distribution of the scripts. Here 271 00:28:05,539 --> 00:28:11,850 we see the classic procedure of a script distribution. In the download phase, 272 00:28:11,850 --> 00:28:19,171 vpndownloader downloads an OnConnect or an OnDisconnect script. Then vpndownloader 273 00:28:19,171 --> 00:28:25,419 asks with IPC message to move the downloaded script to the script folder. 274 00:28:25,419 --> 00:28:32,570 The vpnagentd process calls the vpndownloader, which then moves the file. 275 00:28:32,570 --> 00:28:36,670 We systematically examined the IPC messages and found a vertical privilege 276 00:28:36,670 --> 00:28:43,100 escalation. An attacker is able to send the same message to the vpnagentd process. 277 00:28:43,100 --> 00:28:48,350 Any of the attacker's scripts can be moved into the script directory. If there is 278 00:28:48,350 --> 00:28:52,970 already a script in the script folder, it is simply overwritten. If the attacker 279 00:28:52,970 --> 00:28:58,620 moves On, an OnDisconnect script while the user is already - has a VPN connection 280 00:28:58,620 --> 00:29:04,610 open, the script is executed with user privileges. When the VPN connection is 281 00:29:04,610 --> 00:29:13,220 closed, first unprivileged user can obtain code execution context of another user. 282 00:29:13,220 --> 00:29:18,450 What bothered us about our attack was that it is - was tied to conditions. One of the 283 00:29:18,450 --> 00:29:24,040 conditions was that the EnableScripting tag must have the boolean value "True". We 284 00:29:24,040 --> 00:29:29,020 considered other attack scenarios and came up with the idea of distributing a profile 285 00:29:29,020 --> 00:29:34,620 ourselves. So we check for the tag again, but create not only a script, but also a 286 00:29:34,620 --> 00:29:41,210 VPN profile that allows scripting. The attack works as follows: while a local 287 00:29:41,210 --> 00:29:45,580 user has a VPN session active, another user on the system creates a malicious 288 00:29:45,580 --> 00:29:50,539 script and a new profile. The new profile contains the EnableScripting tag set to 289 00:29:50,539 --> 00:29:57,059 "True". The attacker then sends an IPC message to the vpnagentd requesting to 290 00:29:57,059 --> 00:30:03,029 copy the script to the script directory. The vpndownloader is then started with 291 00:30:03,029 --> 00:30:10,990 root permissions to perform the copy operation. Also, the attacker can send an 292 00:30:10,990 --> 00:30:17,039 additional IPC message to vpnagentd requesting to overwrite the 293 00:30:17,039 --> 00:30:24,809 existing profile with a malicious profile. Although the profile is overwritten the 294 00:30:24,809 --> 00:30:29,109 settings of a new profile are not applied yet, because the old profile is still 295 00:30:29,109 --> 00:30:34,950 active. However, we were able to determine that the new profile is loaded when 296 00:30:34,950 --> 00:30:41,503 there's a reconnect on the VPN session. Reconnects are actually quite common in 297 00:30:41,503 --> 00:30:46,329 the AnyConnect. If reconnect happens the new profile is loaded and applied. In our 298 00:30:46,329 --> 00:30:51,230 case, it enables the scripting feature. After teardown of a VPN connection the 299 00:30:51,230 --> 00:30:56,490 malicious OnDisconnect script of the attacker is executed with the privileges 300 00:30:56,490 --> 00:31:03,010 of the user running the VPN client. Both problems were reported to Cisco, but could 301 00:31:03,010 --> 00:31:07,580 not be fixed by the disclosure date. Although we extended the disclosure 302 00:31:07,580 --> 00:31:12,020 deadline. As of today the vulnerability is still present with the default 303 00:31:12,020 --> 00:31:18,029 configuration of AnyConnect. Cisco published this vulnerability with a CVSS 304 00:31:18,029 --> 00:31:25,910 of 7-1, 7.1, which is considered as a high severity. Because it was published on the 305 00:31:25,910 --> 00:31:32,340 4th of November 2020 without a fix, the vulnerability got major attention in many 306 00:31:32,340 --> 00:31:42,410 news sites. Various sites reported the vulnerability. The quality of reports 307 00:31:42,410 --> 00:31:47,410 varied. Some of the articles contained incorrect information, for example, it was 308 00:31:47,410 --> 00:31:52,820 stated that an exploit was already in circulation. It is not accurate since we 309 00:31:52,820 --> 00:31:57,990 are the only ones who have a working exploit and have not published it yet. We 310 00:31:57,990 --> 00:32:03,190 could not find any other exploit on the Internet either. I think that the way of 311 00:32:03,190 --> 00:32:09,539 reporting - this way of reporting has to be reconsidered because it has caused a so 312 00:32:09,539 --> 00:32:15,450 wrong assessment of vulnerability. We were even contacted by some incident response 313 00:32:15,450 --> 00:32:21,370 teams that were worried about their infrastructure. All vulnerabilities found 314 00:32:21,370 --> 00:32:25,130 and reported are listed in the table below. The three vulnerabilities were 315 00:32:25,130 --> 00:32:30,350 found by design analysis. Only one of the vulnerabilities is fixed, according to 316 00:32:30,350 --> 00:32:37,980 Cisco. Especially the Bring Your Own Script vulnerabilities have already been 317 00:32:37,980 --> 00:32:42,760 published, although no fix is available for them, a workaround has been declared 318 00:32:42,760 --> 00:32:49,860 to fix the vulnerabilities. By modifying the local policy file the download phase 319 00:32:49,860 --> 00:32:54,450 can be skipped completely. Since the latest update it's also possible to 320 00:32:54,450 --> 00:32:59,679 prohibit the download and deployment of scripts on a modular basis. 321 00:32:59,679 --> 00:33:05,309 M: And what about mobile platforms? Do our discovered vulnerabilities also apply 322 00:33:05,309 --> 00:33:11,720 here? Let's make it quick. No. Mobile platforms are lacking many features 323 00:33:11,720 --> 00:33:15,740 compared to the Linux, Windows and macOS versions. You're, of course, able to 324 00:33:15,740 --> 00:33:20,730 establish TLS and IPsec connections, just like with all the other clients. But 325 00:33:20,730 --> 00:33:24,649 because features like the deployment of custom scripts or auto update is missing, 326 00:33:24,649 --> 00:33:30,010 there's no way of using these exploits on mobile platforms. We are currently having 327 00:33:30,010 --> 00:33:35,000 a look into the iOS implementation of AnyConnect and therefore want to give you 328 00:33:35,000 --> 00:33:41,430 a quick and high level overview into the architecture. As we are dealing with Apple 329 00:33:41,430 --> 00:33:45,570 here, serious stuff like the implementation of the VPN is a bit 330 00:33:45,570 --> 00:33:51,929 different compared to, for example, the Linux client. If you want to mess with 331 00:33:51,929 --> 00:33:56,399 notifications, add sharing buttons or create a widget on the homescreen, you 332 00:33:56,399 --> 00:34:01,740 have to use an app extension. Equally for VPN functionality, you have to use the 333 00:34:01,740 --> 00:34:08,429 network extension framework. The network extensions contain providers and features 334 00:34:08,429 --> 00:34:14,099 for all kind of network related operations like for content filtering, DNS, Wi-Fi and 335 00:34:14,099 --> 00:34:18,940 more. If you want to build your own VPN app, you have to choose between the 336 00:34:18,940 --> 00:34:25,839 Personal VPN, the Packet Tunnel Provider and the App Proxy Provider. In our case 337 00:34:25,839 --> 00:34:30,079 the AnyConnect on iOS implements the Packet Tunnel Provider as they are using 338 00:34:30,079 --> 00:34:38,279 their own packet oriented protocol. Here you can see the contents of the AnyConnect 339 00:34:38,279 --> 00:34:43,469 app package, which is basically a zip file containing all the executables and other 340 00:34:43,469 --> 00:34:49,819 assets like images, etc.. The main executable is just called AnyConnect. The 341 00:34:49,819 --> 00:34:56,209 network extension is implemented in the ACExtension binary. Beside these, there 342 00:34:56,209 --> 00:35:01,799 are also several other app extension implementations for the iOS sharing and 343 00:35:01,799 --> 00:35:08,910 Siri functionality. So what happens if you pressed the connect slider? After you hit 344 00:35:08,910 --> 00:35:13,329 the slider, the network extension is started and negotiation of the VPN session 345 00:35:13,329 --> 00:35:19,059 begins. After a section of network information like IP addresses, subnet 346 00:35:19,059 --> 00:35:23,130 mask, routes, DNS, MTU and more they are passed to the iOS system to complete the 347 00:35:23,130 --> 00:35:29,390 negotiation. In the end, you have a new and hopefully functional tunnel interface 348 00:35:29,390 --> 00:35:36,930 called utun. So new traffic from apps pass through the network stack until it arrives 349 00:35:36,930 --> 00:35:41,619 at the tunnel interface. It can then be handled by the network extensions' Packet 350 00:35:41,619 --> 00:35:48,269 Tunnel Provider. Every time a packet arrives on a tunnel interface, it is read 351 00:35:48,269 --> 00:35:54,191 by the network extension and encapsulated with the tunneling protocol. Every time a 352 00:35:54,191 --> 00:35:59,020 packet arrives on the tunnel interface, it is read by the network extension and 353 00:35:59,020 --> 00:36:04,660 encapsulated with the tunneling protocol. Upon arrival on the VPN server, the packet 354 00:36:04,660 --> 00:36:10,150 is decapsulated and sent to its final destination. Similar the replies then 355 00:36:10,150 --> 00:36:14,690 encapsulate sent to the client, which then decapsulates the packet and injects it 356 00:36:14,690 --> 00:36:20,499 back to the network stack. So that's should be it for the iOS clients, just to 357 00:36:20,499 --> 00:36:23,829 give you a quick overview and highlight some key differences between the 358 00:36:23,829 --> 00:36:30,930 architectures. We are still investigating both Linux and iOS platforms, but until 359 00:36:30,930 --> 00:36:35,700 now, we can summarize our findings as follows: AnyConnect in general is a huge 360 00:36:35,700 --> 00:36:42,530 application with lots of code and also lots of unused library related code. We 361 00:36:42,530 --> 00:36:48,510 discovered three vulnerabilities through design analysis. Vpnagentd runs with root 362 00:36:48,510 --> 00:36:53,529 permissions and receives commands or operations from unprivileged processes via 363 00:36:53,529 --> 00:36:59,549 unauthenticated IPC messages, which is generally a bit risky. Not all security 364 00:36:59,549 --> 00:37:03,999 mechanisms and patches are actually included on all platforms. For example, 365 00:37:03,999 --> 00:37:08,619 the downgrade was only possible on Linux and already patched on Windows and macOS 366 00:37:08,619 --> 00:37:14,369 according to Cisco. The downgrade vulnerability is not possible on mobile, 367 00:37:14,369 --> 00:37:19,430 as auto update feature is limited to Linux, Windows and macOS. Similar, the 368 00:37:19,430 --> 00:37:24,119 Bring Your Own Script does also not apply in mobile, as deployment of OnConnect and 369 00:37:24,119 --> 00:37:29,180 OnDisconnect script is also limited to Linux, Windows and macOS. Regarding the 370 00:37:29,180 --> 00:37:34,009 local policy file on Linux, our idea would be to make it as restrictive as possible 371 00:37:34,009 --> 00:37:39,219 and require some kind of opt-in for scripting functionality. As this would 372 00:37:39,219 --> 00:37:44,140 prevent many attacks but of course, it would also impact the usability a bit. 373 00:37:44,140 --> 00:37:48,779 Despite the app being available since many years, we show that there are still many 374 00:37:48,779 --> 00:37:54,279 bugs to find. The introduction of bug bounties would be a great option to 375 00:37:54,279 --> 00:38:00,859 motivate more security researchers to check the application for vulnerabilities. 376 00:38:00,859 --> 00:38:06,799 The use of VPN promises security and privacy for users, however closed source 377 00:38:06,799 --> 00:38:11,049 software opens new attack vectors on a system as our research on AnyConnect 378 00:38:11,049 --> 00:38:16,559 shows. We hope that more research will be done on clients in the future and that our 379 00:38:16,559 --> 00:38:24,460 work will pave the way for this. So that was it. Thank you very much for your 380 00:38:24,460 --> 00:38:29,610 attention and if you have any questions, feel free to ask. 381 00:38:30,700 --> 00:38:35,599 H: Well, welcome back. So that was the pre-recording of the super interesting 382 00:38:35,599 --> 00:38:41,239 talk about Very Pwnable Networks. I'm sure you've seen how pwnable they really are 383 00:38:41,239 --> 00:38:48,630 and luckily, we now have Jiska and Gerbert and Matthias with us today through the 384 00:38:48,630 --> 00:38:56,499 magic of the Internet. And if you haven't written out your question yet, please do 385 00:38:56,499 --> 00:39:05,869 so now so we can still answer them. Either by going to the IRC channel rc3-cwtv on 386 00:39:05,869 --> 00:39:12,219 the hackened network or just posting a tweet or a toot with your favorite social 387 00:39:12,219 --> 00:39:19,490 media network of choice containing the hashtag #rc3cwtv this time without any 388 00:39:19,490 --> 00:39:27,629 dash, very important. So our Signal Angel has collected some questions for us that I 389 00:39:27,629 --> 00:39:33,280 am now going to be torturing the three people here with. So let's see what you 390 00:39:33,280 --> 00:39:41,799 will say to those. Oh, but I think pretty, pretty tame, huh? So first question: is 391 00:39:41,799 --> 00:39:45,839 there any page or wiki where this information can be found? 392 00:39:45,839 --> 00:39:53,150 G: At the moment, it is not published yet. I think we will publish - publish it in 393 00:39:53,150 --> 00:39:58,952 near future on the GitHub or some similar platform. 394 00:39:58,952 --> 00:40:02,940 H: Is there any way that people can find this link then when you eventually will 395 00:40:02,940 --> 00:40:07,630 publish it in the future? G: I think Jiska can say something to this 396 00:40:07,630 --> 00:40:10,579 J: Yeah so SEEMOO has a GitHub page and 397 00:40:10,579 --> 00:40:16,249 also a Twitter account, so it will be published. But I mean, there's still a few 398 00:40:16,249 --> 00:40:21,680 things that we didn't like - that are not public yet. So yeah, and then we would 399 00:40:21,680 --> 00:40:27,420 just make one release not like this CVE and that CVE, but like all at once. 400 00:40:27,420 --> 00:40:31,519 H: Yeah. Make - makes more of an impact this way and also better, better 401 00:40:31,519 --> 00:40:38,160 disclosure. I like that. And the next question is: will this VPN event only be 402 00:40:38,160 --> 00:40:46,420 about Cisco? So yes, you've only looked at Cisco, right? In this case. Um, maybe you 403 00:40:46,420 --> 00:40:50,729 can tell us something if maybe you have looked at other VPN vendors as to 404 00:40:50,729 --> 00:40:55,589 something that other VPN vendors might have an issue with as well? Maybe. 405 00:40:55,589 --> 00:41:01,670 M: Yeah, we've done this research as part of a master's thesis, and therefore it's 406 00:41:01,670 --> 00:41:10,059 only about Cisco AnyConnect and yeah, we did not have the time to - or yeah. Yeah. 407 00:41:10,059 --> 00:41:14,408 To look at other VPN services, just for the AnyConnect. 408 00:41:14,408 --> 00:41:19,630 H: Yeah, the typical Master's view writing it hyped up on coffee for the last few 409 00:41:19,630 --> 00:41:25,190 weeks before the deadline. Yeah, I can imagine that you focused on Cisco there. 410 00:41:25,190 --> 00:41:30,630 Uum, another very good question: Are these vulnerabilities also present in other - in 411 00:41:30,630 --> 00:41:35,039 other AnyConnect-like clients like the ones integrated into NetworkManager in 412 00:41:35,039 --> 00:41:40,309 Linux? I think they're talking especially about OpenConnect. Yeah, that's just 413 00:41:40,309 --> 00:41:45,749 coming in. Umm, we talked about this before a little bit so you probably have 414 00:41:45,749 --> 00:41:50,210 something to say about that. G: As far as we know there's - in 415 00:41:50,210 --> 00:41:56,999 OpenConnect there is no scripting - scripting feature enabled or integrated. 416 00:41:56,999 --> 00:42:03,630 So we would say this kind of attacks are not yet possible, but uh - 417 00:42:03,630 --> 00:42:10,559 M: That would be possible if someone is able to check this and, yeah, have a look 418 00:42:10,559 --> 00:42:15,680 into OpenConnect too, yeah. H: Hmm, yeah, not yet known to be 419 00:42:15,680 --> 00:42:24,059 possible. Let's - let's say it like that. You never know. Any other questions from 420 00:42:24,059 --> 00:42:31,439 chat, from Twitter or Mastodon? Now's the time. Give out your questions. Otherwise, 421 00:42:31,439 --> 00:42:40,480 this would have been a very short Q&A. So if you go to the rc3-cwtv channel on the 422 00:42:40,480 --> 00:42:49,319 hackened IRC network or post a tweet or a toot with the hashtag #rc3cwtv this time 423 00:42:49,319 --> 00:42:56,150 without any dash. Umm, do it now, and hopefully I will still catch this 424 00:42:56,150 --> 00:43:00,890 through the magic of the Signal Angel that is collecting all this information for me. 425 00:43:00,890 --> 00:43:05,549 And yeah, maybe anything that you want to add or any other new topics that you're 426 00:43:05,549 --> 00:43:09,339 working on, something that might be upcoming. Maybe we can get a sneak 427 00:43:09,339 --> 00:43:13,589 preview. I'm sure you're still continuing the research there - and 428 00:43:13,589 --> 00:43:15,799 J: Sorry I needed to unmute myself. Not 429 00:43:15,799 --> 00:43:20,249 spoilering yet but I mean, the issue like just looking into one VPN client it's 430 00:43:20,249 --> 00:43:25,838 also, if it is proprietary, then just reversing is a lot, a lot, a lot of work. 431 00:43:25,838 --> 00:43:32,630 I mean, I can tell you a story about like, looking into binaries for months, and so 432 00:43:32,630 --> 00:43:37,819 it doesn't really scale to look into like 10 different clients, at least if you want 433 00:43:37,819 --> 00:43:44,479 to have meaningful findings. H: Yeah, but like you don't have any any 434 00:43:44,479 --> 00:43:51,349 other plans to, you know, look at any other clients that get any requests or any 435 00:43:51,349 --> 00:43:56,609 triggers that would point you there. Maybe having a new phone and a new client and 436 00:43:56,609 --> 00:44:02,309 noticing new strange things? No? - Okay. G: Not yet. 437 00:44:02,309 --> 00:44:06,010 J: Yeah. G: But, but yes, Matthias is still working 438 00:44:06,010 --> 00:44:10,930 on it. I think he will find something in the future. M: hopefully. 439 00:44:10,930 --> 00:44:21,039 H: Yeah. Yeah. I guess that's pretty much all the last questions, except one: There 440 00:44:21,039 --> 00:44:26,339 are two shadows behind you Jiska, is that the shadow cabinet? 441 00:44:26,339 --> 00:44:29,629 J: No, no, no. I just have multiple lamps here. So - 442 00:44:29,629 --> 00:44:31,476 H: Yeah, yeah, it's funny everyone 443 00:44:31,476 --> 00:44:34,509 J: At least it's only showing my shadow duplicate. Not - not me. 444 00:44:34,509 --> 00:44:39,739 H: Yeah. But we're quite lucky that at least in this talk, the connection seems 445 00:44:39,739 --> 00:44:46,089 to be working fine. We've been having some issues here. Yeah, but that's great. If 446 00:44:46,089 --> 00:44:51,280 you have any other questions, I think we'll wrap it up here not to keep you 447 00:44:51,280 --> 00:44:57,420 around much longer. I'm sure you're eager to jump around the rc3 world, and if you 448 00:44:57,420 --> 00:45:03,469 have anything else, maybe you can join us in the IRC later. If there are any other 449 00:45:03,469 --> 00:45:08,859 questions, maybe they will look there for a short while or I will forward those 450 00:45:08,859 --> 00:45:12,239 questions. Right then. J: Thank you. 451 00:45:12,239 --> 00:45:16,569 H: I thank you very much for the super interesting talk. I learned something new 452 00:45:16,569 --> 00:45:20,809 about the VPN client that I came into contact with during my work time as well. 453 00:45:20,809 --> 00:45:28,169 So interesting for me too. And yeah, let's keep it at that. 454 00:45:28,169 --> 00:45:35,749 *postroll music* 455 00:45:35,749 --> 00:45:52,559 Subtitles created by c3subtitles.de in the year 2022. Join, and help us! 456 00:45:52,559 --> 00:45:59,000 [Translated by {Iikka}{Yli-Kuivila} (ITKST56 course assignment at JYU.FI)]