DescriptionThe Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
isakmpd (PTS)buster20041012-8vulnerable
libreswan (PTS)buster, buster (security)3.27-6+deb10u1vulnerable
bullseye (security)4.3-1+deb11u3vulnerable
sid, trixie4.14-1vulnerable
strongswan (PTS)buster5.7.2-1+deb10u2vulnerable
buster (security)5.7.2-1+deb10u4vulnerable
bullseye (security), bullseye5.9.1-1+deb11u4vulnerable
bookworm, bookworm (security)5.9.8-5+deb12u1vulnerable
sid, trixie5.9.13-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs

vulnerability in IKEv1 protocol, not fixable in implementation; use strong passphrase or public-key cryptography

Search for package or bug name: Reporting problems