• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Vendor IKE Insecure XAUTH Implementation Vulnerabilities

Solution:
Cisco has released a security notice, which outlines updates that are scheduled for release in the third quarter of 2004 to address this issue. This update will augment the Hybrid Auth model so that a group pre-shared key for VPN group identification is required. Please see the referenced notice for further details.

It has been reported that some vendors may have addressed this issue in their VPN clients and other software. This has not yet been confirmed by Symantec. Please contact the relevant vendor representative for further information regarding this issue.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.