header-logo
Suggest Exploit
vendor:
N/A
by:
SecurityFocus
7.5
CVSS
HIGH
Leakage of Pre-Shared Master Secret
310
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

VPN Pre-Shared Master Secret Leakage

When a VPN is configured to use a pre-shared master secret and a client attempts to negotiate keys in aggressive mode, a hash of the secret is transmitted across the network in clear-text. This may result in the hash being leaked to eavesdroppers or malicious clients. An offline brute-force attack on this hash may then be performed to obtain the clear-text secret.

Mitigation:

Ensure that the pre-shared master secret is not transmitted in clear-text over the network.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7423/info

When a VPN is configured to use a pre-shared master secret and a client attempts to negotiate keys in aggressive mode, a hash of the secret is transmitted across the network in clear-text. This may result in the hash being leaked to eavesdroppers or malicious clients. An offline brute-force attack on this hash may then be performed to obtain the clear-text secret. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/22532.tar.gz

Navigation

Suggest Exploit

Services By CQR