IKE - Aggressive Mode Shared Secret Hash Leakage

Author: John Pliam
type: remote
platform: hardware
port: nan
date_added: 1999-10-02 
date_updated: 2012-11-12 
verified: 1 
codes: OSVDB-34836 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/7423/info

When a VPN is configured to use a pre-shared master secret and a client attempts to negotiate keys in aggressive mode, a hash of the secret is transmitted across the network in clear-text. This may result in the hash being leaked to eavesdroppers or malicious clients. An offline brute-force attack on this hash may then be performed to obtain the clear-text secret.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/22532.tar.gz