Vendor of Product: TRENDnet

Affected Product and Version: TEW-WLC100P v2.03b03

Description: In TRENDnet TEW-WLC100P 2.03b03, the i_dont_care_about_security_and_use_aggressive_mode_psk property is enabled in the strongSwan configuration file, so that IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys to conduct offline attacks on the openly transmitted hash of the PSK.

Detail:

In the TEW-WLC100P running environment, the content of /etc/strongswan.conf is as follows.

charon {
	load_modular = yes
	duplicheck.enable = yes
	compress = yes
	plugins {
		include strongswan.d/charon/*.conf
	}
	dns = 114.114.114.114
	nbns1 = 114.114.114.114
	i_dont_care_about_security_and_use_aggressive_mode_psk=yes
}
include strongswan.d/*.conf

The official documentation of strongswan (https://docs.strongswan.org/docs/latest/config/strongswanConf.html) states the following requirements.

i_dont_care_about_security_and_use_aggressive_mode_psk   no

If enabled, IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys (PSKs). This is strongly discouraged due to security concerns (offline attacks on the openly transmitted hash of the PSK).

Clearly, there is a misconfiguration vulnerability here. IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys to conduct offline attacks on the openly transmitted hash of the PSK.