[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] IKE Aggressive Mode Downgrade Attack?

To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] IKE Aggressive Mode Downgrade Attack?
From: Melchior Limacher <mli@xxxxxxxxxxxx>
Date: Thu, 30 Apr 2015 14:34:53 +0200

Hello


I was reading about "ike aggressive mode with pre shared key" (CVE-2002-1623).

As described by cisco 
(http://www.cisco.com/en/US/tech/tk583/tk372/technologies_security_notice09186a008016b57f.html),
 this is still an issue
"When responding to IPSec session initialization, Cisco IOS(r) software
may use Aggressive Mode even if it has not been explicitly configured
to do so. Cisco IOS software initially tries to negotiate using Main
Mode but, failing that, resorts to Aggressive Mode."

Are there known downgrade attacks? Counter-Measures?

Thanks for your feedback and regards,
mli

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Follow-Ups:
- Re: [FD] IKE Aggressive Mode Downgrade Attack?
  - From: Lee

Prev by Date: [FD] Heap overflow / invalid read in Libtasn1 before 4.5 (TFPA 005/2015)
Next by Date: [FD] OS X 0day - works on latest verz
Previous by thread: [FD] Heap overflow / invalid read in Libtasn1 before 4.5 (TFPA 005/2015)
Next by thread: Re: [FD] IKE Aggressive Mode Downgrade Attack?
Index(es):
- Date
- Thread