Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0376

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-0376
Last Modified 05 Sep 2008 04:23:57
Published 18 Jun 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0376

Summary

SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack the pre-shared keys with significantly less resources than if the full 128 byte IKE pre-shared keys were used.

Vulnerable Systems


References

BUGTRAQ - 20010327 SonicWall IKE pre-shared key length bug and security concern

XF - sonicwall-ike-shared-keys


Last Updated: 27 May 2016 10:36:14