POLICY-OTHER SSLv3 Client Hello attempt
The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote.
CVSS base score 5.0 CVSS impact score 2.9 CVSS exploitability score 10.0 confidentialityImpact PARTIAL integrityImpact NONE availabilityImpact NONE
CVE-2002-1623:
CVSS base score 5.0
CVSS impact score 2.9
CVSS exploitability score 10.0
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
CVE-2013-2566:
CVSS base score 5.9
CVSS impact score 3.6
CVSS exploitability score 2.2
Confidentiality Impact HIGH
Integrity Impact NONE
Availability Impact NONE
CVE-2002-1623: The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote.
CVE-2013-2566: The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
CVE-2002-1623:
Access Vector NETWORK
Access Complexity LOW
Authentication NONE
CVE-2013-2566:
Access Vector
Access Complexity
Authentication
None known
None known
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.
©2019 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
Privacy Policy | Snort License | FAQ | Sitemap
