5

CVE-2002-1623

Exploit
The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CheckpointVpn-1 Firewall-1 Version4.0
CheckpointVpn-1 Firewall-1 Version4.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 48.57% 0.987
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001223.html
http://marc.info/?l=bugtraq&m=103124812629621&w=2
http://marc.info/?l=bugtraq&m=103176164729351&w=2
http://www.checkpoint.com/techsupport/alerts/ike.html
http://www.kb.cert.org/vuls/id/886601
US Government Resource
http://www.nta-monitor.com/news/checkpoint.htm
http://www.securiteam.com/securitynews/5TP040U8AW.html
Exploit
http://www.securityfocus.com/archive/1/290202
Exploit
http://www.securityfocus.com/bid/5607
https://exchange.xforce.ibmcloud.com/vulnerabilities/10034