CVE-2002-1623 - The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret

CVE-2002-1623

Summary

The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote.

References

Vulnerable Configurations

cpe:2.3:a:checkpoint:vpn-1_firewall-1:4.0:*:*:*:*:*:*:*
cpe:2.3:a:checkpoint:vpn-1_firewall-1:4.0:*:*:*:*:*:*:*
cpe:2.3:a:checkpoint:vpn-1_firewall-1:4.1:*:*:*:*:*:*:*
cpe:2.3:a:checkpoint:vpn-1_firewall-1:4.1:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 11-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	5607
bugtraq	20020903 SecuRemote usernames can be guessed or sniffed using IKE exchange 20020905 RE: SecuRemote usernames can be guessed or sniffed using IKE exchange 20020911 RE: SecuRemote usernames can be guessed or sniffed using IKE
cert-vn	VU#886601
confirm	http://www.checkpoint.com/techsupport/alerts/ike.html
fulldisc	20020903 Check Point statement on use of IKE Aggressive Mode
misc	http://www.nta-monitor.com/news/checkpoint.htm http://www.securiteam.com/securitynews/5TP040U8AW.html
xf	fw1-ike-username-enumeration(10034)

Last major update

11-07-2017 - 01:29

Published

31-12-2002 - 05:00

Last modified

11-07-2017 - 01:29