CVE-2008-1198: Improper Control of Interaction Frequency in Red Hat Enterprise Linux

4 documents, 4 sources

Severity: 7.1 HIGH (NVD)
EPSS: 0.5% (top 36.00%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 6
Latest update: May 1

Description

The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash.

CVSS vector

AV:N/AC:M/C:C/I:N/A:N
Exploitability: 8.6 | Impact: 6.9

Affected Packages: 0 packages

Also affects: Enterprise Linux 3.0, 4.0, 5.0

🔴 Vulnerability Details (1)

GHSA (2022-05-01)
GHSA-h5v2-6q4x-m7v7: The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which mak

📋 Vendor Advisories (1)

Red Hat (2008-02-28)
initscripts: IPSec ifup script allows for aggressive IKE mode

💬 Community (1)

Bugzilla (2008-02-28)
CVE-2008-1198 initscripts: IPSec ifup script allows for aggressive IKE mode