This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote IKEv1 service supports Aggressive Mode with Pre-Shared key.
The remote Internet Key Exchange (IKE) version 1 service seems to
support Aggressive Mode with Pre-Shared key (PSK) authentication. Such
a configuration could allow an attacker to capture and crack the PSK
of a VPN gateway and gain unauthorized access to private networks.
See also :
- Disable Aggressive Mode if supported.
- Do not use Pre-Shared key for authentication if it's possible.
- If using Pre-Shared key cannot be avoided, use very strong keys.
- If possible, do not allow VPN connections from any IP addresses.
Note that this plugin does not run over IPv6.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.5
Public Exploit Available : true