Vulnerability Note VU#857035
IKEv1 Main Mode vulnerable to brute force attacks
Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks.
The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. (CVE-2018-5389)
It is well known that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible.
An attacker may be able to recover a weak Pre-Shared Key.
Use Secure Passwords
Vendor Information

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Netgear, Inc. | Not Affected | 18 Jul 2018 | 17 Aug 2018 |
| 3com Inc | Unknown | 18 Jul 2018 | 18 Jul 2018 |
| ACCESS | Unknown | 18 Jul 2018 | 18 Jul 2018 |
| Actiontec | Unknown | 18 Jul 2018 | 18 Jul 2018 |
| ADTRAN | Unknown | 18 Jul 2018 | 18 Jul 2018 |
| aep NETWORKS | Unknown | 18 Jul 2018 | 18 Jul 2018 |
| AirWatch | Unknown | 18 Jul 2018 | 18 Jul 2018 |
| Alcatel-Lucent Enterprise | Unknown | 18 Jul 2018 | 18 Jul 2018 |
| Amazon | Unknown | 18 Jul 2018 | 18 Jul 2018 |
| Android Open Source Project | Unknown | 18 Jul 2018 | 18 Jul 2018 |
| Appgate Network Security | Unknown | 18 Jul 2018 | 18 Jul 2018 |
| Apple | Unknown | 18 Jul 2018 | 18 Jul 2018 |
| Arch Linux | Unknown | 18 Jul 2018 | 18 Jul 2018 |
| Arista Networks, Inc. | Unknown | 18 Jul 2018 | 18 Jul 2018 |
| ARRIS | Unknown | 18 Jul 2018 | 18 Jul 2018 |
Thanks to Martin Grothe, Joerg Schwenk, and Dennis Felsch for reporting this vulnerability.
This document was written by Trent Novelly.
- CVE IDs: CVE-2018-5389
- Date Public: 14 Aug 2018
- Date First Published: 14 Aug 2018
- Date Last Updated: 17 Aug 2018
- Document Revision: 14
If you have feedback, comments, or additional information about this vulnerability, please send us email.