DescriptionThe Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ipsec-tools (PTS)jessie (security), jessie1:0.8.2+20140711-2+deb8u1vulnerable
isakmpd (PTS)stretch20041012-7.4vulnerable
buster, sid20041012-8vulnerable
libreswan (PTS)buster, sid3.27-4vulnerable
strongswan (PTS)jessie5.2.1-6+deb8u6vulnerable
jessie (security)5.2.1-6+deb8u8vulnerable
stretch (security), stretch5.5.1-4+deb9u4vulnerable
buster, sid5.7.2-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs

vulnerability in IKEv1 protocol, not fixable in implementation; use strong passphrase or public-key cryptography

Search for package or bug name: Reporting problems