Vulnerability Note VU#886601

Internet Key Exchange (IKE) protocol discloses identity when Aggressive Mode shared secret authentication is used

Overview

The Internet Key Exchange (IKE) protocol discloses username information when Aggressive Mode is used for shared secret authentication.

I. Description

The Internet Key Exchange (IKE) protocol provides a negotiation mechanism that allows an initiator to establish an encrypted session with a responder. Many firewall and Virtual Private Network (VPN) products use IKE; check your product documentation to determine which modes and authentication methods are used by your product.

By design, the IKE protocol does not encrypt the identities of the initiator or responder when performing shared secret authentication in Aggressive Mode. Depending upon your site configuration and need for identity protection, this design choice may represent a vulnerability to your organization.
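
The check below is an added example, not part of the original note or any vendor's code: it parses an ISAKMP message taken from your own capture, following the RFC 2408 header and generic payload layout, and reports whether an Identification payload travels unencrypted in an Aggressive Mode exchange. The function names and the sample message (built inline with placeholder SA, key exchange and nonce bytes and the identity alice@example.com) are constructed for illustration.

```python
import struct

EXCH_AGGRESSIVE = 4        # RFC 2408 exchange type (Main Mode is 2)
PAYLOAD_ID = 5             # Identification payload
FLAG_ENCRYPTED = 0x01      # header flag: payloads after the header are encrypted
ID_TYPES = {1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_USER_FQDN", 11: "ID_KEY_ID"}

def exposed_identity(packet: bytes):
    """Return (id_type, value) when an Aggressive Mode message carries a
    cleartext Identification payload; None otherwise or if malformed."""
    if len(packet) < 28:
        return None
    nxt, _ver, exch, flags, _msgid, length = struct.unpack("!16xBBBBII", packet[:28])
    if exch != EXCH_AGGRESSIVE or flags & FLAG_ENCRYPTED:
        return None
    off, end = 28, min(length, len(packet))
    while nxt and off + 4 <= end:
        following, _reserved, plen = struct.unpack("!BBH", packet[off:off + 4])
        if plen < 4 or off + plen > end:
            return None                      # truncated or bogus length
        if nxt == PAYLOAD_ID and plen >= 8:
            id_type, data = packet[off + 4], packet[off + 8:off + plen]
            if id_type == 1 and len(data) == 4:
                value = ".".join(str(b) for b in data)
            else:
                value = data.decode("ascii", "replace")
            return ID_TYPES.get(id_type, str(id_type)), value
        nxt, off = following, off + plen
    return None

def _payload(next_type: int, body: bytes) -> bytes:
    return struct.pack("!BBH", next_type, 0, 4 + len(body)) + body

def build_message(exch: int, flags: int, identity: bytes) -> bytes:
    """Constructed sample: SA -> KE -> Nonce -> ID with placeholder bodies."""
    id_body = struct.pack("!BBH", 3, 17, 500) + identity   # ID_USER_FQDN, UDP/500
    body = (_payload(4, b"\x00" * 8) + _payload(10, b"\x11" * 16)
            + _payload(5, b"\x22" * 8) + _payload(0, id_body))
    header = struct.pack("!8s8sBBBBII", b"\xaa" * 8, b"\x00" * 8,
                         1, 0x10, exch, flags, 0, 28 + len(body))
    return header + body

if __name__ == "__main__":
    print(exposed_identity(build_message(4, 0, b"alice@example.com")))
    print(exposed_identity(build_message(2, 1, b"alice@example.com")))
```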

II. Impact

Devices that implement this protocol as specified will leak username information while negotiating IKE sessions. This information may be useful for conducting reconnaissance on networks containing an affected device.

III. Solution

Use an alternative mode and authentication method


The IKE protocol provides many options for both connection mode and authentication method; several combinations provide identity protection. For example, both Main Mode with shared secret authentication and Aggressive Mode with public key authentication provide identity protection.

Systems Affected

Vendor | Status | Date Notified | Date Updated
3Com | Unknown | 18-Sep-2002
Alcatel | Unknown | 18-Sep-2002
Apple Computer Inc. | Vulnerable | 20-Sep-2002
AT&T | Unknown | 18-Sep-2002
BSDI | Unknown | 18-Sep-2002
Check Point | Vulnerable | 8-Oct-2002
Cisco Systems Inc. | Unknown | 18-Sep-2002
Compaq Computer Corporation | Unknown | 8-Oct-2002
Computer Associates | Unknown | 18-Sep-2002
Conectiva | Unknown | 18-Sep-2002
Cray Inc. | Unknown | 18-Sep-2002
Data General | Unknown | 18-Sep-2002
Debian | Unknown | 18-Sep-2002
F5 Networks | Not Vulnerable | 8-Oct-2002
FreeBSD | Not Vulnerable | 17-Oct-2002
Fujitsu | Not Vulnerable | 18-Sep-2002
Guardian Digital Inc. | Not Vulnerable | 2-Oct-2002
Hewlett-Packard Company | Unknown | 8-Oct-2002
IBM | Unknown | 18-Sep-2002
Intel | Unknown | 18-Sep-2002
Juniper Networks | Unknown | 18-Sep-2002
KAME Project | Vulnerable | 15-Oct-2002
Lachman | Unknown | 18-Sep-2002
Lotus Software | Unknown | 18-Sep-2002
Lucent Technologies | Unknown | 18-Sep-2002
MandrakeSoft | Unknown | 18-Sep-2002
Microsoft Corporation | Not Vulnerable | 30-Sep-2002
MontaVista Software | Not Vulnerable | 20-Sep-2002
Multinet | Unknown | 18-Sep-2002
NEC Corporation | Unknown | 8-Oct-2002
NetBSD | Vulnerable | 17-Oct-2002
Network Appliance | Not Vulnerable | 20-Sep-2002
Nortel Networks | Unknown | 18-Sep-2002
OpenBSD | Unknown | 18-Sep-2002
Openwall GNU/*/Linux | Unknown | 18-Sep-2002
Oracle Corporation | Unknown | 18-Sep-2002
Red Hat Inc. | Unknown | 18-Sep-2002
Sequent | Unknown | 18-Sep-2002
SGI | Unknown | 18-Sep-2002
Sony Corporation | Unknown | 18-Sep-2002
Sun Microsystems Inc. | Not Vulnerable | 20-Sep-2002
SuSE Inc. | Not Vulnerable | 20-Sep-2002
The SCO Group (SCO Linux) | Unknown | 18-Sep-2002
The SCO Group (SCO UnixWare) | Unknown | 18-Sep-2002
Unisphere Networks | Unknown | 18-Sep-2002
Unisys | Unknown | 18-Sep-2002
Wind River Systems Inc. | Unknown | 18-Sep-2002
Xerox Corporation | Not Vulnerable | 4-Apr-2003

References


http://www.ietf.org/rfc/rfc2409.txt
http://www.checkpoint.com/techsupport/alerts/ike.html
http://www.nta-monitor.com/news/checkpoint.htm
http://www.dsinet.org/?id=2873
http://www.netsys.com/cgi-bin/displaynews?a=382
http://www.securiteam.com/securitynews/5TP040U8AW.html
http://online.securityfocus.com/news/603
http://online.securityfocus.com/archive/1/290202/2002-09-01/2002-09-07/0
http://packetstorm.linuxsecurity.com/advisories/misc/checkpoint.ike.txt

Credit

The CERT/CC thanks Roy Hills for reporting this issue.

This document was written by Jeffrey P. Lanza.

Other Information

Date Public: 2002-09-03
Date First Published: 2002-09-12
Date Last Updated: 2003-04-04
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric: 0.65
Document Revision: 23

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Copyright 2002 Carnegie Mellon University