5

CVE-2002-1623

Exploit

EPSS 60.99%
Published 31.12.2002 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote.

Affected products Warnungen 0 Metrics 2 CWE 0 References 13

Data is provided by the National Vulnerability Database (NVD)

Checkpoint ≫ Vpn-1 Firewall-1 Version4.0

Checkpoint ≫ Vpn-1 Firewall-1 Version4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	60.99%	0.982

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001223.html

http://marc.info/?l=bugtraq&m=103124812629621&w=2

http://marc.info/?l=bugtraq&m=103176164729351&w=2

http://www.checkpoint.com/techsupport/alerts/ike.html

http://www.kb.cert.org/vuls/id/886601

US Government Resource

http://www.nta-monitor.com/news/checkpoint.htm

http://www.securiteam.com/securitynews/5TP040U8AW.html

Exploit

http://www.securityfocus.com/archive/1/290202

Exploit

http://www.securityfocus.com/bid/5607

https://exchange.xforce.ibmcloud.com/vulnerabilities/10034

https://nvd.nist.gov/vuln/detail/CVE-2002-1623

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2002-1623

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2002-1623

EUVD