5

CVE-2002-1623

Exploit

EPSS 60.99%
Veröffentlicht 31.12.2002 05:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Checkpoint ≫ Vpn-1 Firewall-1 Version4.0

Checkpoint ≫ Vpn-1 Firewall-1 Version4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	60.99%	0.982

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001223.html

http://marc.info/?l=bugtraq&m=103124812629621&w=2

http://marc.info/?l=bugtraq&m=103176164729351&w=2

http://www.checkpoint.com/techsupport/alerts/ike.html

http://www.kb.cert.org/vuls/id/886601

US Government Resource

http://www.nta-monitor.com/news/checkpoint.htm

http://www.securiteam.com/securitynews/5TP040U8AW.html

Exploit

http://www.securityfocus.com/archive/1/290202

Exploit

http://www.securityfocus.com/bid/5607

https://exchange.xforce.ibmcloud.com/vulnerabilities/10034

https://nvd.nist.gov/vuln/detail/CVE-2002-1623

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2002-1623

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2002-1623

EUVD