CVE-2008-1198

critical

Description

The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/41053

https://bugzilla.redhat.com/show_bug.cgi?id=435274

http://www.securitytracker.com/id?1019563

Details

Source: Mitre, NVD

Published: 2008-03-06

Updated: 2022-02-03

Risk Information

CVSS v2

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical