Vulnerability Note VU#886601
Internet Key Exchange (IKE) protocol discloses identity when Aggressive Mode shared secret authentication is used
Overview
The Internet Key Exchange (IKE) protocol discloses username information when Aggressive Mode is used for shared secret authentication.
Description
The Internet Key Exchange (IKE) protocol provides a negotiation mechanism that allows an initiator to establish an encrypted session with a responder. Many firewall and Virtual Private Network (VPN) products use IKE; check your product documentation to determine which modes and authentication methods are used by your product. By design, the IKE protocol does not encrypt the identities of the initiator or responder when performing shared secret authentication in Aggressive Mode. Depending upon your site configuration and need for identity protection, this design choice may represent a vulnerability to your organization.
Impact
Devices that implement this protocol as specified will leak username information while negotiating IKE sessions. This information may be useful for conducting reconnaissance on networks containing an affected device.
Solution
Use an alternative mode and authentication method.
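One way to audit captured IKE traffic for the exposure described above, added here as an example that is not part of the original CERT/CC note: the function reads an IKEv1 datagram, reports the exchange mode, and lists any identity payloads visible in cleartext. The header and payload layouts follow RFC 2408 and RFC 2407 (assumption: IKEv1 over UDP port 500); both sample datagrams and the identity `alice@vpn.example` are constructed.

```python
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")   # RFC 2408 fixed header, 28 bytes
EXCHANGE = {2: "main", 4: "aggressive"}     # ISAKMP exchange type values
ID_TYPES = {1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_USER_FQDN", 11: "ID_KEY_ID"}
PAYLOAD_ID, FLAG_ENCRYPTED = 5, 0x01

def inspect_ike(datagram):
    """Return a finding dict for one UDP/500 payload, or None if not IKEv1."""
    if len(datagram) < ISAKMP_HDR.size:
        return None
    _, _, next_pl, version, exch, flags, _, length = ISAKMP_HDR.unpack_from(datagram)
    if version != 0x10 or length > len(datagram):
        return None
    finding = {"mode": EXCHANGE.get(exch, f"other({exch})"),
               "encrypted": bool(flags & FLAG_ENCRYPTED), "cleartext_ids": []}
    if finding["encrypted"]:
        return finding                      # payload chain is ciphertext
    offset = ISAKMP_HDR.size
    while next_pl != 0 and offset + 4 <= length:
        following, _, pl_len = struct.unpack_from("!BBH", datagram, offset)
        if pl_len < 4 or offset + pl_len > length:
            break                           # malformed payload, stop walking
        if next_pl == PAYLOAD_ID and pl_len >= 8:
            id_type = datagram[offset + 4]  # then protocol ID (1) and port (2)
            data = datagram[offset + 8:offset + pl_len]
            value = (".".join(map(str, data)) if id_type == 1
                     else data.decode("ascii", "replace"))
            finding["cleartext_ids"].append((ID_TYPES.get(id_type, str(id_type)), value))
        next_pl, offset = following, offset + pl_len
    return finding

def _payload(next_pl, body):
    return struct.pack("!BBH", next_pl, 0, 4 + len(body)) + body

# Constructed Aggressive Mode first message: SA, KE, Nonce, ID (dummy bodies).
_ident = struct.pack("!BBH", 3, 17, 500) + b"alice@vpn.example"
_body = (_payload(4, bytes(8)) + _payload(10, bytes(16))
         + _payload(5, bytes(8)) + _payload(0, _ident))
AGGRESSIVE_SAMPLE = ISAKMP_HDR.pack(b"\xaa" * 8, bytes(8), 1, 0x10, 4, 0, 0,
                                    ISAKMP_HDR.size + len(_body)) + _body
# Constructed Main Mode message 5: encryption flag set, body is placeholder ciphertext.
MAIN_SAMPLE = ISAKMP_HDR.pack(b"\xaa" * 8, b"\xbb" * 8, 5, 0x10, 2, FLAG_ENCRYPTED,
                              0, ISAKMP_HDR.size + 32) + bytes(32)

if __name__ == "__main__":
    for name, pkt in (("aggressive", AGGRESSIVE_SAMPLE), ("main", MAIN_SAMPLE)):
        print(name, inspect_ike(pkt))
```

A finding with `mode` set to `aggressive` and a non-empty `cleartext_ids` list marks a peer configuration to move to an alternative mode and authentication method.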
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Computer Inc. | Affected | 17 Sep 2002 | 20 Sep 2002 |
| Check Point | Affected | 03 Sep 2002 | 08 Oct 2002 |
| KAME Project | Affected | 24 Sep 2002 | 15 Oct 2002 |
| NetBSD | Affected | 17 Sep 2002 | 17 Oct 2002 |
| F5 Networks | Not Affected | 17 Sep 2002 | 08 Oct 2002 |
| FreeBSD | Not Affected | 17 Sep 2002 | 17 Oct 2002 |
| Fujitsu | Not Affected | 17 Sep 2002 | 18 Sep 2002 |
| Guardian Digital Inc. | Not Affected | 17 Sep 2002 | 02 Oct 2002 |
| Microsoft Corporation | Not Affected | 17 Sep 2002 | 30 Sep 2002 |
| MontaVista Software | Not Affected | 17 Sep 2002 | 20 Sep 2002 |
| Network Appliance | Not Affected | 17 Sep 2002 | 20 Sep 2002 |
| Sun Microsystems Inc. | Not Affected | 17 Sep 2002 | 20 Sep 2002 |
| SuSE Inc. | Not Affected | 17 Sep 2002 | 20 Sep 2002 |
| Xerox Corporation | Not Affected | 17 Sep 2002 | 04 Apr 2003 |
| 3Com | Unknown | 17 Sep 2002 | 18 Sep 2002 |
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://www.ietf.org/rfc/rfc2409.txt
- http://www.checkpoint.com/techsupport/alerts/ike.html
- http://www.nta-monitor.com/news/checkpoint.htm
- http://www.dsinet.org/?id=2873
- http://www.netsys.com/cgi-bin/displaynews?a=382
- http://www.securiteam.com/securitynews/5TP040U8AW.html
- http://online.securityfocus.com/news/603
- http://online.securityfocus.com/archive/1/290202/2002-09-01/2002-09-07/0
- http://packetstorm.linuxsecurity.com/advisories/misc/checkpoint.ike.txt
Credit
The CERT/CC thanks Roy Hills for reporting this issue.
This document was written by Jeffrey P. Lanza.
Other Information
- CVE IDs: Unknown
- Date Public: 03 Sep 2002
- Date First Published: 12 Sep 2002
- Date Last Updated: 04 Apr 2003
- Severity Metric: 0.65
- Document Revision: 23