Re: SHA-1 has been officially broken, FVS devices don't support SHA-2

train_wreck
Luminary

SHA-1 has been officially broken, FVS devices don't support SHA-2

I replied to an "Idea Exchange" post, but figured I would post this here as well.

 

SHA-1 has been successfully shown to have weaknesses. The GitHub repository website suffered a data corruption recently that was due to SHA-1 collisions. As of now, there is no support for any VPN hashing algorithm higher than SHA-1, in either the P1/P2 transport algorithms or the certificate. This makes the device too insecure to use for VPN purposes. Google, Microsoft, SSL Labs, and many other security organizations have been warning about this for over 6 years...

This needs to be fixed! I get it, the FVS firmware hasn't had any major feature updates in a long time, so if you're just waiting until the next hardware rev to fix this, please at least respond & say so.

 

Thanks!

Model: FVS318G|ProSafe Gigabit 8 Port VPN Firewall,FVS318N|ProSafe Wireless N 8 port gigabit VPN firewall,FVS336Gv3|ProSafe dual WAN gigabit firewall with SSL and IPSec VPN
Message 1 of 11
DaneA
NETGEAR Moderator

Re: SHA-1 has been officially broken, FVS devices don't support SHA-2

Hi train_wreck,

 

Thanks for posting this information.  This has been raised to the engineering team.

 

 

Regards,

 

DaneA

NETGEAR Community Team 

Message 2 of 11
train_wreck
Luminary

Re: SHA-1 has been officially broken, FVS devices don't support SHA-2

Just for information, the latest update to Cisco's RV042G router (a direct competitor to the FVS336G) has been updated to resolve this issue....

 

[Attached image: ciscofw.png]

Message 3 of 11
SamirD
Prodigy

Re: SHA-1 has been officially broken, FVS devices don't support SHA-2

Did you hear that?  I heard a whip cracking! lol!

Message 4 of 11
abrightidea
Tutor

Re: SHA-1 has been officially broken, FVS devices don't support SHA-2

So frustrating that Netgear is not taking security seriously. Netgear VPN firewalls do not support SHA-2. That's crazy.

And no one can give an ETA.

Message 5 of 11
train_wreck
Luminary

Re: SHA-1 has been officially broken, FVS devices don't support SHA-2

Honestly, I think Netgear may have given up on any substantial updates to the FVS line. The current devices (FVS318G, FVS336G) were released over 6 years ago, and the FVS line itself stretches back over 15 years. Just looking at the GUI interface, they certainly feel "old". Hell, it was only with the most recent 4.3.5 firmware last month that they bothered to get the copyright date on the interface updated from "2014".

 

Unfortunately, I see many of these devices still out in the wild....

Message 6 of 11
abrightidea
Tutor

Re: SHA-1 has been officially broken, FVS devices don't support SHA-2

Unfortunately, I think you hit the nail on the head. I wish Netgear would be more forthcoming. Maybe by not acting or offering more insight, they're saying all they need to say... "we're not interested in security or updates."

Message 7 of 11
vpnman
Guide

Re: SHA-1 has been officially broken, FVS devices don't support SHA-2

We bought the FVS336Gv3 first & foremost because of security. I hope we didn't make a mistake. Tardy support of SHA256 is unacceptable.

Message 8 of 11
abrightidea
Tutor

Re: SHA-1 has been officially broken, FVS devices don't support SHA-2

I'm going to give Netgear another 90 days to solve this and support SHA-256.

I don't have high hopes, but my fingers are crossed.

Message 9 of 11
Andi12
Aspirant

Re: SHA-1 has been officially broken, FVS devices don't support SHA-2

Hello,

Is there any news on it? We need the SHA-2 support for our FVS318N too!

Additional question. The certificate for the https login to the config webpage is SHA-1 too. This needs to be changed to a SHA-2 certificate too! Will this be supported by Netgear in one of the next firmware releases?

Model: FVS318N|ProSafe Wireless N 8 port gigabit VPN firewall
Message 10 of 11
DaneA
NETGEAR Moderator

Re: SHA-1 has been officially broken, FVS devices don't support SHA-2

Hi @Andi12,

 

I'm afraid to inform you that the ProSAFE VPN Firewall product line has been discontinued.  There will be no further firmware updates that will be released.  Kindly read the EOL (End of Life) announcement here.

 

 

Regards,

 

DaneA

NETGEAR Community Team

 

Message 11 of 11