Home page logo

basics logo Security Basics mailing list archives

Re: VPN using aggressive mode
From: "Chris McNab" <chris.mcnab () trustmatta com>
Date: Sun, 23 Nov 2003 20:00:54 -0000


On Fri, 2003-11-21 at 21:58, Ranjeet Shetye wrote:
Irrespective of all this, ALL phase 1s are secure, and ALL phase 2s are
secure. I would not worry about the cleartext transmission of the ID -
it IS leakage of information and to be "worried" about from the
standpoint of someone designing a protocol or an architecture, but its
implications for a lay user are not so great.

This is incorrect.

Aggressive mode IKE, if used with a pre-shared key (PSK), is vulnerable to a
very serious remote attack. A _remote_ attacker can negotiate an aggressive
mode connection to UDP/500, even if he does not know the PSK, and the PSK
will be hashed (using MD5 or SHA1) and returned to him from the gateway.
This hash can then be cracked offline, and access to the VPN granted.

Michael Thumann put together a PDF documenting this attack step-by-step,
available from:


Obviously, the way to prevent this is two-fold:

- Use digital certificates (or two-factor auth with hybrid mode IKE) instead
of pre-shared keys.
- Disable aggressive mode IKE support if you are using pre-shared keys.



Chris McNab
Technical Director

Matta Consulting
18 Noel Street
London W1F 8GN



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]