PT-2002-2348 · IETF · IKE
Published: 2002-12-31 · Updated: 2017-07-11 · CVE-2002-1623
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Internet Key Exchange (IKE) protocol (affected versions not specified)
Description
The issue is a design flaw in the Internet Key Exchange (IKE) protocol when Aggressive Mode is used for shared secret authentication. In this mode, the initiator and responder identities are not encrypted during negotiation. As a result, remote attackers may be able to determine valid usernames, either by monitoring responses before the password is supplied or by sniffing.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
IKE