
In my scan results, QID 38115 - Weak IPsec Encryption Settings is posted. What does this mean?

Question asked by Prashant Rojesara on Feb 14, 2012
Latest reply on Sep 28, 2017 by Busby

I received the output below. Can someone tell me what the exact resolution for it is?

 

Weak IPsec Encryption Settings

h-68-167-124-106.cmbrmaor.static.covad.net

QID: 38115

CVSS Base: 4.9

CVSS Temporal: 4.1

Category: General remote services

Port/Service: 500 / General remote services (udp)

False Positive: N/A

Bugtraq ID: -

CVE ID: -

Vendor Reference: -

Last Update: 11/29/2007 at 13:39:02

Threat:

This host contains an ISAKMP/IKE key exchange server to negotiate encryption keys for IPsec Virtual Private Networks (VPNs). The configuration of the server allows clients to establish VPN connections with insecure encryption settings or key lengths. Once established, these connections may allow remote malicious users with access to the VPN data stream to recover the session key used in the connection by performing brute-force key space searches.

 

Note:

This QID will be reported as a Potential Vulnerability (not as a Vulnerability) on some versions of IOS because an ISAKMP SA with weak settings can be established first, and then rejected later by a policy check. Without having VPN authentication credentials, it is impossible to differentiate between this type of setup and a setup that truly allows ISAKMP SA with weak settings.

 

Impact:

A malicious user with access to the VPN data stream may be able to recover the session key of a VPN connection. This would then provide access to all data sent across the VPN connection, which may include passwords and sensitive files.

 

Solution:

Disable the encryption algorithm "DES" (key length of 56 bits) and the key exchange algorithm DH768 (MODP768). Secure replacements are 3DES and DH1024.
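
Added example, not part of the original post and not Qualys's own check: the two settings the Solution names map to IKEv1 SA attribute values in RFC 2409 (encryption algorithm 1 = DES-CBC, group description 1 = 768-bit MODP). The sketch below decodes the attribute bytes of one transform from a captured ISAKMP SA payload and flags those two values; the function names and the sample bytes are constructed for illustration.

```python
import struct

# IKEv1 SA attribute classes and values from RFC 2409, Appendix A
# (AES-CBC = 7 from RFC 3602, group 5 from RFC 3526).
ENCRYPTION, GROUP = 1, 4
ENC_NAMES = {1: "DES-CBC", 5: "3DES-CBC", 7: "AES-CBC"}
GROUP_NAMES = {1: "MODP768", 2: "MODP1024", 5: "MODP1536"}
# Weak settings exactly as the QID text lists them: DES and DH768.
WEAK_ENC, WEAK_GROUP = {1}, {1}


def parse_attributes(data: bytes) -> dict:
    """Decode ISAKMP data attributes (RFC 2408, section 3.3) into {type: int}."""
    attrs, off = {}, 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        head, second = struct.unpack_from("!HH", data, off)
        off += 4
        atype = head & 0x7FFF
        if head & 0x8000:          # AF=1: short form, value sits in the header
            attrs[atype] = second
        else:                      # AF=0: 'second' is the length of the value
            if off + second > len(data):
                raise ValueError("attribute value overruns buffer")
            attrs[atype] = int.from_bytes(data[off:off + second], "big")
            off += second
    return attrs


def weak_settings(data: bytes) -> list:
    """Return one finding per weak setting in a transform's attribute bytes."""
    attrs, findings = parse_attributes(data), []
    enc, grp = attrs.get(ENCRYPTION), attrs.get(GROUP)
    if enc in WEAK_ENC:
        findings.append("encryption " + ENC_NAMES[enc] + " (56-bit key)")
    if grp in WEAK_GROUP:
        findings.append("key exchange " + GROUP_NAMES[grp])
    return findings


# Constructed samples: attribute bytes of two IKEv1 transforms.
# DES-CBC, MD5, pre-shared key, group 1, life type seconds, 86400 (long form).
WEAK = bytes.fromhex("80010001" "80020001" "80030001" "80040001"
                     "800b0001" "000c0004" "00015180")
# 3DES-CBC, SHA, pre-shared key, group 2.
OK = bytes.fromhex("80010005" "80020002" "80030001" "80040002")

if __name__ == "__main__":
    print(weak_settings(WEAK))
    print(weak_settings(OK))
```

As the Note in the scan output says, a responder may accept such a transform and reject it later by policy, so a finding here shows what was negotiated on the wire, not necessarily what the final policy allows.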
