The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

System Fails PCI because of Internet Key Exchange (IKE) Aggressive Mode with Pre-Shared Key

Discussion in 'Security' started by tagteamcomputin, Oct 7, 2014.

  1. tagteamcomputin

    tagteamcomputin Registered

    Joined:
    Jan 8, 2012
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    My system keeps failing my PCI vendor scans because of the below. I have been looking how to fix this but cant find a solution.

    Synopsis
    The remote IKEv1 service supports Aggressive Mode with Pre-Shared key.

    Description
    The remote Internet Key Exchange (IKE) version 1 service seems to support Aggressive Mode with Pre-Shared key (PSK) authentication. Such a configuration could allow an attacker to capture and crack the PSK of a VPN gateway and gain unauthorized access to private networks.

    See also
    http://heartland.403labs.com/u?07b12cbb
    https://www.ernw.de/download/pskattack.pdf
    Weak authentication in Xauth and IKE
    IKE Aggressive Mode Shared Secret Hash Leakage Weakness

    Solution
    - Disable Aggressive Mode if supported.
    - Do not use Pre-Shared key for authentication if it's possible.
    - If using Pre-Shared key cannot be avoided, use very strong keys.
    - If possible, do not allow VPN connections from any IP addresses.

    Note that this plugin does not run over IPv6.

    Risk factor
    Medium / CVSS Base Score : 5.0
    (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
    CVSS Temporal Score : 4.5
    (CVSS2#E:F/RL:W/RC:C)
    Public Exploit Available : true

    CVE
    CVE-2002-1623

    BID
    7423

    Other reference
    CERT:886601, OSVDB:3820
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    No aspect of cPanel should be seen as a VPN. What port number are they referencing for this failure? It's likely a false positive if it's a cPanel port.

    Thank you.
     
  3. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Yeah, I'd lean toward false positive on first glance too. The CVE from 2002 is a dead giveaway that something is funky.
     
Loading...

Share This Page