← CVECheck
HomeVulnerabilities

CVE-2002-1623 — MEDIUM severity vulnerability (The design of the Internet Key Exchange (IKE) protocol, when)

The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sni

CVE IDCVE-2002-1623
SeverityMEDIUM
CVSS score5.0
CVSS vectorAV:N/AC:L/Au:N/C:P/I:N/A:N
CWENVD-CWE-Other
StatusModified
Published2002-12-31
Last modified2026-04-16
DescriptionThe design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →