CVE-2008-1198

The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash.

Published: Mar 6, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-1198
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.1
AV:N/AC:M/Au:N/C:C/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
redhat / enterprise_linux	5.0	5.0.x
redhat / enterprise_linux	3.0	3.0.x
redhat / enterprise_linux	4.0	4.0.x

http://secunia.com/advisories/48045
http://www.ernw.de/download/pskattack.pdf
http://www.securitytracker.com/id?1019563
https://bugzilla.redhat.com/show_bug.cgi?id=435274
https://exchange.xforce.ibmcloud.com/vulnerabilities/41053

Vulnerability Database

289,599

CVE-2008-1198