Hello Everyone,
One of our vendors did security check on our network and gave us an issue about CVE-2002-1623: https://web.nvd.nist.gov/view/vuln/deta ... -2002-1623
It looks like it's related to Aggressive mode IKE being enable.
Does anyone know how to fix it?
Aggressive mode IKE
-
- Posts: 31
- Joined: Mon Feb 24, 2014 12:12 am
Re: Aggressive mode IKE
Sure.. use a different VPN protocol.
-
- Posts: 2
- Joined: Tue Oct 06, 2015 6:20 pm
Re: Aggressive mode IKE
Is there any other way than changing the protocol?
-
- Site Admin
- Posts: 2167
- Joined: Sat Mar 09, 2013 5:37 am
Re: Aggressive mode IKE
IPSec initiator side selects the IKE mode.
If you don't want to use the aggressive mode, you can configure the VPN client so.
If you don't want to use the aggressive mode, you can configure the VPN client so.
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Aggressive mode IKE
Please read the manual of the your client.
-
- Posts: 1
- Joined: Sat Oct 26, 2019 5:15 pm
Re: Aggressive mode IKE
Has anyone answered this one? It's not a client issue.
A Nessus scan of the server reports "The remote Internet Key Exchange (IKE) version 1 service seems to support Aggressive Mode with Pre-Shared Key (PSK) authentication. Such a configuration could allow an attacker to capture and crack the PSK of a VPN gateway and gain unauthorised access to private networks."
Can anyone suggest a way to set Softether to use Main Mode instead of Aggressive Mode?
A Nessus scan of the server reports "The remote Internet Key Exchange (IKE) version 1 service seems to support Aggressive Mode with Pre-Shared Key (PSK) authentication. Such a configuration could allow an attacker to capture and crack the PSK of a VPN gateway and gain unauthorised access to private networks."
Can anyone suggest a way to set Softether to use Main Mode instead of Aggressive Mode?
-
- Posts: 4
- Joined: Fri Apr 03, 2020 2:25 pm
Re: Aggressive mode IKE
"Added the DisableIPsecAggressiveMode option. You can set "bool DisableIPsecAggressiveMode true" to disable the IPsec Aggressive Mode to moderate CVE-2002-1623."
https://www.softether.org/5-download/history
https://www.softether.org/5-download/history