2025-07-02, 15:40–16:00 (Europe/Paris), Amphitheater 122
VRRP (Virtual Router Redundancy Protocol) is an open-standard protocol designed to ensure high availability of routers. Proven and widely adopted, it is used in many network infrastructures. However, the security aspects of VRRP are rarely discussed in depth in available online resources. For instance, VRRPv2, which remains widely used today, offers two authentication modes, one of which is easily bypassed. In contrast, VRRPv3 has completely removed authentication, as the protocol's authors considered that security should be handled at a different layer. In this presentation, I will focus on the IP tie-breaking dilemma that arises during VRRP priority conflicts, particularly when the legitimate master router is configured with the highest priority value of 255. To illustrate this issue, I will rely on Keepalived, a widely used open-source implementation of VRRP. I will also highlight a design flaw I co-discovered in the VRRP protocol (RFC 9568), in collaboration with the Keepalived project maintainers. This vulnerability, documented in erratum 8298 and validated by the IETF, allows an attacker on the same network to impersonate the master router during a priority conflict, revealing a weakness in the protocol’s design.
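The priority conflict the abstract describes is observable on the wire: every VRRP router multicasts its own advertisements, so a passive monitor on the segment can see when more than one sender claims the address-owner priority 255 for the same VRID, the situation in which the protocol falls back to comparing the senders' primary IP addresses (the higher one wins under the master-state rules of RFC 9568). The script below is an added example written for this page; it is not code from the talk, from Keepalived, or from the RFC. It parses the fixed header shared by VRRPv2 (RFC 3768) and VRRPv3 (RFC 9568) advertisements as carried in IP protocol 112, assumes IPv4 virtual addresses only, does not verify the checksum, and runs over a constructed list of (source IP, payload) observations rather than a live capture.

```python
"""Flag VRRP priority-255 conflicts from observed advertisements (added example)."""
import ipaddress
import struct

VRRP_ADVERTISEMENT = 1   # the only VRRP packet type defined
OWNER_PRIORITY = 255     # priority reserved for the owner of the virtual address


def parse_vrrp(payload: bytes) -> dict:
    """Parse the VRRP header common to v2 and v3 (IPv4 addresses assumed).

    Byte 0: version (high nibble) | type (low nibble)
    Byte 1: Virtual Router ID (VRID)     Byte 2: Priority
    Byte 3: count of IP addresses
    v2: byte 4 = Auth Type, byte 5 = Adver Int (seconds)
    v3: low 12 bits of bytes 4-5 = Max Adver Int (centiseconds); no auth field
    Bytes 6-7: checksum (not verified here; a production monitor should verify it)
    """
    if len(payload) < 8:
        raise ValueError("VRRP header truncated")
    version, pkt_type = payload[0] >> 4, payload[0] & 0x0F
    if pkt_type != VRRP_ADVERTISEMENT:
        raise ValueError(f"unexpected VRRP type {pkt_type}")
    vrid, priority, count = payload[1], payload[2], payload[3]
    if version == 2:
        auth_type, adver_int = payload[4], payload[5]
    elif version == 3:
        auth_type = None
        adver_int = struct.unpack("!H", payload[4:6])[0] & 0x0FFF
    else:
        raise ValueError(f"unsupported VRRP version {version}")
    if len(payload) < 8 + 4 * count:
        raise ValueError("address list truncated")
    addrs = [str(ipaddress.IPv4Address(payload[8 + 4 * i:12 + 4 * i]))
             for i in range(count)]
    return {"version": version, "vrid": vrid, "priority": priority,
            "auth_type": auth_type, "adver_int": adver_int, "addresses": addrs}


def find_priority_conflicts(observations) -> list:
    """observations: iterable of (source_ip, vrrp_payload).

    Returns one alert per VRID for which more than one distinct source advertises
    priority 255. The alert also names the source that the equal-priority
    tie-break (higher primary IP address) would leave as master, so an operator
    can compare it with the router that is supposed to own the address.
    """
    by_vrid: dict = {}
    for src, payload in observations:
        adv = parse_vrrp(payload)
        by_vrid.setdefault(adv["vrid"], {})[src] = adv["priority"]
    alerts = []
    for vrid, sources in sorted(by_vrid.items()):
        owners = sorted(s for s, p in sources.items() if p == OWNER_PRIORITY)
        if len(owners) > 1:
            winner = max(owners, key=ipaddress.IPv4Address)
            alerts.append(f"VRID {vrid}: {len(owners)} routers claim priority 255 "
                          f"({', '.join(owners)}); IP tie-break favours {winner}")
    return alerts


def build_v2_advertisement(vrid: int, priority: int, addresses, auth_type=0,
                           adver_int=1) -> bytes:
    """Constructed VRRPv2 advertisement for the demo (checksum left at zero)."""
    hdr = bytes([(2 << 4) | VRRP_ADVERTISEMENT, vrid, priority, len(addresses),
                 auth_type, adver_int]) + b"\x00\x00"
    body = b"".join(ipaddress.IPv4Address(a).packed for a in addresses)
    return hdr + body + bytes(8)  # trailing 8-byte authentication data field


# Constructed observations standing in for a packet capture on one segment.
SAMPLE_OBSERVATIONS = [
    ("192.0.2.1",   build_v2_advertisement(10, 255, ["192.0.2.1"])),  # expected owner
    ("192.0.2.2",   build_v2_advertisement(10, 100, ["192.0.2.1"])),  # ordinary backup
    ("192.0.2.200", build_v2_advertisement(10, 255, ["192.0.2.1"])),  # second "owner"
    ("192.0.2.3",   build_v2_advertisement(20, 255, ["192.0.2.3"])),  # healthy group
]


def sample_alerts() -> list:
    return find_priority_conflicts(SAMPLE_OBSERVATIONS)


if __name__ == "__main__":
    for alert in sample_alerts():
        print(alert)
```

On the sample data the monitor raises a single alert for VRID 10 and stays silent for VRID 20, where only one router claims priority 255. Feeding it real traffic means extracting the protocol-112 payload and its IP source from frames destined to 224.0.2.18's VRRP group address (224.0.0.18), and adding checksum verification so that malformed packets are not counted as claims.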
Computer engineer, Pentester at Orange Cyberdefense, Lecturer at CPE Lyon, Founder of the blog "Le Guide Du Secops," Author for IT-Connect.fr.