Internet Key Exchange (IKE) Aggressive Mode with Pre-Shared Key

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

The remote IKEv1 service supports Aggressive Mode with Pre-Shared key.

Description :

The remote Internet Key Exchange (IKE) version 1 service seems to
support Aggressive Mode with Pre-Shared key (PSK) authentication. Such
a configuration could allow an attacker to capture and crack the PSK
of a VPN gateway and gain unauthorized access to private networks.

See also :

Solution :

- Disable Aggressive Mode if supported.
- Do not use Pre-Shared key for authentication if it's possible.
- If using Pre-Shared key cannot be avoided, use very strong keys.
- If possible, do not allow VPN connections from any IP addresses.

Note that this plugin does not run over IPv6.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.5
Public Exploit Available : true

Family: General

Nessus Plugin ID: 62694 ()

Bugtraq ID: 7423

CVE ID: CVE-2002-1623