{"vuid":"VU#857035","idnumber":"857035","name":"IKEv1 Main Mode vulnerable to brute force attacks","keywords":[""],"overview":"### Overview ###\r\n

Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks.

\r\n\r\n### Description ###\r\n

The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. (CVE-2018-5389)

It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode however, only an online attack against PSK authentication was thought to be feasible.

\r\n\r\n### Impact ###\r\n

An attacker may be able to recover a weak Pre-Shared Key.

\r\n\r\n### Solution ###\r\n

Use Secure Passwords
Use cryptographically secure PSK values that resist brute force or dictionary attacks.

\r\n\r\nAs mentioned in USENIX '18 presentation\r\n> To counter these attacks, both entry points must be closed: Only high entropy PSKs should be used, and both PKE and RPKE modes should be deactivated in all IKE devices. It is not sufficient to configure key sep- aration on the sender side. All receivers must also be informed about this key separation – novel solutions are required to achieve this task.\r\n\r\n\r\n### Acknowledgements ###\r\n

Thanks to Martin Grothe, Joerg Schwenk, and Dennis Felsch for reporting this vulnerability.

This document was written by Trent Novelly.

","clean_desc":"The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. (CVE-2018-5389) It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode however, only an online attack against PSK authentication was thought to be feasible.","impact":"An attacker may be able to recover a weak Pre-Shared Key.","resolution":"Use Secure Passwords\nUse cryptographically secure PSK values that resist brute force or dictionary attacks.","workarounds":"","sysaffected":"","thanks":"Thanks to \nMartin Grothe Joerg Schwenk and \nDennis Felsc\nh\n for reporting this vulnerability.","author":"This document was written by Trent Novelly.","public":["https://web-in-security.blogspot.com/2018/08/practical-dictionary-attack-on-ipsec-ike.html","https://www.usenix.org/conference/usenixsecurity18/presentation/felsch","https://blogs.cisco.com/security/great-cipher-but-where-did-you-get-that-key"],"cveids":["CVE-2018-5389"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2018-06-06T18:33:51Z","publicdate":"2018-08-14T00:00:00Z","datefirstpublished":"2018-08-14T21:38:18Z","dateupdated":"2024-07-15T14:51:41.346494Z","revision":18,"vrda_d1_directreport":"1","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"--","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"8.8","cvss_basevector":"AV:N/AC:M/Au:N/C:C/I:C/A:N","cvss_temporalscore":"7.9","cvss_environmentalscore":"7.89511617216","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":104}