VULHUB ™

IKE, when implemented with 'XAUTH' extensions, has been reported prone to sensitive information disclosure. The vulnerability has been reported to result from a weaknesses in XAUTH when used as an extension of IKE. Specifically, the server does not have to be authorized to the client in an XAUTH based IKE negotiation. This could potentially be exploited by an attacker to carry out a session to a legitimate server, as the client who leaked the sensitive information. Other attacks would also be possible. Although specific vendor product versions affected by this issue are not currently known, the researcher has stated that the following vendors are or may be affected: Cisco, Nortel, SafeNet, MovianVPN, Certicom, and Funk AdmitOne. It should be noted that other vendors/products may be affected as well.

IKE, when implemented with 'XAUTH' extensions, has been reported prone to sensitive information disclosure. The vulnerability has been reported to result from a weaknesses in XAUTH when used as an extension of IKE. Specifically, the server does not have to be authorized to the client in an XAUTH based IKE negotiation. This could potentially be exploited by an attacker to carry out a session to a legitimate server, as the client who leaked the sensitive information. Other attacks would also be possible. Although specific vendor product versions affected by this issue are not currently known, the researcher has stated that the following vendors are or may be affected: Cisco, Nortel, SafeNet, MovianVPN, Certicom, and Funk AdmitOne. It should be noted that other vendors/products may be affected as well.