5

CVE-2002-1623

Exploit

EPSS 72.46%
Veröffentlicht 31.12.2002 05:00:00
Zuletzt bearbeitet 16.04.2026 00:27:16
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Checkpoint ≫ Vpn-1 Firewall-1 Version4.0

Checkpoint ≫ Vpn-1 Firewall-1 Version4.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	72.46%	0.987

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001223.html

http://marc.info/?l=bugtraq&m=103124812629621&w=2

http://marc.info/?l=bugtraq&m=103176164729351&w=2

http://www.checkpoint.com/techsupport/alerts/ike.html

http://www.kb.cert.org/vuls/id/886601

US Government Resource

http://www.nta-monitor.com/news/checkpoint.htm

http://www.securiteam.com/securitynews/5TP040U8AW.html

Exploit

http://www.securityfocus.com/archive/1/290202

Exploit

http://www.securityfocus.com/bid/5607

https://exchange.xforce.ibmcloud.com/vulnerabilities/10034

https://nvd.nist.gov/vuln/detail/CVE-2002-1623

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2002-1623

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2002-1623

EUVD