CVE-2002-1623

medium

Check Point

CVSS v3 Base Score

5.0

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS Score

72.5%

Exploitation probability in 30 days

Top 1% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

Integrity

None

Availability

None

Published: December 31, 2002 (8535 days ago)

Last Modified: April 16, 2026

Vendor: Check Point

Source: NVD

Description

The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote.

CWE

NVD-CWE-Other

Affected Products

checkpoint vpn-1 firewall-1

References

🔗 lists.grok.org.uk 🔗 marc.info 🔗 marc.info 🔗 www.checkpoint.com 🔗 www.kb.cert.org

CVE-2002-1623

Vulnerability Report

Description

CWE

Affected Products

References