Vendor of Product: TRENDnet
Affected Product and Version: TEW-WLC100P v2.03b03
Description:
In TRENDnet TEW-WLC100P 2.03b03, the i_dont_care_about_security_and_use_aggressive_mode_psk
property is enabled in the strongSwan
configuration file, so that IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys to conduct offline attacks on the openly transmitted hash of the PSK.
Detail:
In the TEW-WLC100P
running environment, the content of /etc/strongswan.conf
is as follows.
charon {
load_modular = yes
duplicheck.enable = yes
compress = yes
plugins {
include strongswan.d/charon/*.conf
}
dns = 114.114.114.114
nbns1 = 114.114.114.114
i_dont_care_about_security_and_use_aggressive_mode_psk=yes
}
include strongswan.d/*.conf
The official documentation of strongswan (https://docs.strongswan.org/docs/latest/config/strongswanConf.html) states the following requirements.
i_dont_care_about_security_and_use_aggressive_mode_psk no
If enabled, IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys (PSKs). This is strongly discouraged due to security concerns (offline attacks on the openly transmitted hash of the PSK).
Clearly, there is a misconfiguration vulnerability here. IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys to conduct offline attacks on the openly transmitted hash of the PSK.