Description
The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
Note from the SUSE Security Team
This issue occurs in IKE aggressive mode, including in current ipsec-tools versions. Using IKE aggressive mode is not recommended.
No SUSE Bugzilla entries cross referenced.
No SUSE Security Announcements cross referenced.
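To find peers that still negotiate in Aggressive Mode, as described above, a monitoring check can read the exchange type and encryption flag from the ISAKMP header of captured IKEv1 messages and note whether an Identification payload is sent in the clear. The following is an added example, not SUSE or ipsec-tools code; the function names and sample messages are constructed for illustration, and field values follow RFC 2408.

```python
import struct

# ISAKMP header (RFC 2408): cookies, next payload, version, exchange type,
# flags, message ID, total length. 28 bytes.
HDR = struct.Struct("!8s8sBBBBII")
EXCH_MAIN, EXCH_AGGRESSIVE = 2, 4   # Identity Protection (Main) / Aggressive
PAYLOAD_ID = 5                      # Identification payload
FLAG_ENCRYPTED = 0x01

def inspect_isakmp(data):
    """Classify one IKEv1 message (UDP payload); None if it does not parse."""
    if len(data) < HDR.size:
        return None
    _, _, nxt, version, exch, flags, _, length = HDR.unpack_from(data)
    if version != 0x10 or not HDR.size <= length <= len(data):
        return None
    encrypted = bool(flags & FLAG_ENCRYPTED)
    seen, offset = [], HDR.size
    # The payload chain can only be walked while the encryption flag is clear.
    while not encrypted and nxt != 0 and offset + 4 <= length:
        following, _, plen = struct.unpack_from("!BBH", data, offset)
        if plen < 4 or offset + plen > length:
            break                   # malformed chain, stop walking
        seen.append(nxt)
        nxt, offset = following, offset + plen
    return {"aggressive": exch == EXCH_AGGRESSIVE, "encrypted": encrypted,
            "cleartext_identity": PAYLOAD_ID in seen}

def build_sample(exch, flags, chain):
    """Build a constructed test message from (payload_type, body) pairs."""
    body = b""
    for i, (_, pbody) in enumerate(chain):
        following = chain[i + 1][0] if i + 1 < len(chain) else 0
        body += struct.pack("!BBH", following, 0, 4 + len(pbody)) + pbody
    return HDR.pack(b"\x11" * 8, b"\x00" * 8, chain[0][0], 0x10, exch, flags,
                    0, HDR.size + len(body)) + body

# Constructed samples, not captured traffic. Payload bodies are filler bytes.
AGGRESSIVE_MSG1 = build_sample(EXCH_AGGRESSIVE, 0, [
    (1, b"\x00" * 8), (4, b"\x00" * 16), (10, b"\x00" * 16),
    (5, b"\x03\x00\x00\x00" + b"user@example.invalid")])   # SA, KE, Nonce, ID
MAIN_MSG5 = build_sample(EXCH_MAIN, FLAG_ENCRYPTED, [(5, b"\xaa" * 32)])

if __name__ == "__main__":
    for name, msg in (("aggressive msg 1", AGGRESSIVE_MSG1),
                      ("main msg 5", MAIN_MSG5)):
        print(name, inspect_isakmp(msg))
```

In Main Mode the identity travels in an encrypted message, so the check reports no cleartext identity there; a result with both `aggressive` and `cleartext_identity` set marks a peer whose configuration should be moved off Aggressive Mode.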
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 00:42:46 2013
CVE page last modified: Fri Oct 7 12:45:27 2022