17th Aug 2018 – IKEv1 Main Mode vulnerable to brute force attacks

Sometimes the situation of the technology world similar a people stand in the cross road. For instance, you relies on remote access to do your work. We relies SSL/TLS so far. Now we know SSL TLS 1.0 not safe and advice to use TLS 1.1 and 1.2. VPN (virtual private network) like a mandatory interconnect of our life daily. We known already that VPN with IKEv1 aggressive mode not safe. How about IKEv1 main mode situation? The world tell the truth this week. IKEv1 Main Mode vulnerable to brute force attacks. The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. (CVE-2018-5389). The fact is that an attacker may be able to recover a weak Pre-Shared Key (weak shared secret).

Offical details shown below reference hyperlink.