CVE-2002-1623
First published: Tue Dec 31 2002(Updated: )
The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Checkpoint Vpn-1 Firewall-1 | =4.0 | |
| Checkpoint Vpn-1 Firewall-1 | =4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/archive/1/290202
- http://www.nta-monitor.com/news/checkpoint.htm
- http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001223.html
- http://www.checkpoint.com/techsupport/alerts/ike.html
- http://www.securiteam.com/securitynews/5TP040U8AW.html
- http://www.kb.cert.org/vuls/id/886601
- http://www.securityfocus.com/bid/5607
- http://marc.info/?l=bugtraq&m=103124812629621&w=2
- http://marc.info/?l=bugtraq&m=103176164729351&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10034
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/references
- agent/type
- agent/event
- agent/severity
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/checkpoint
- canonical/checkpoint vpn-1 firewall-1
- version/checkpoint vpn-1 firewall-1/4.0
- version/checkpoint vpn-1 firewall-1/4.1