|
NetScreen weaker VPN encryption
|
|
Secunia Advisory:
|
SA8614
|
|
|
Release Date:
|
2003-04-17
|
|
Popularity:
|
4,487 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Exposure of sensitive information
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Workaround
|
|
| Software: | NetScreen Global Pro 4.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
NetScreen Global PRO contains an error in the default configuration of phase 1 and phase 2 proposals using AES encryption. This causes firewall and VPN appliances to use DES encryption instead of AES.
This results in a lower grade encryption than expected, but does not expose your communication directly.
This has been confirmed for version 4.0.0r1 to 4.0.0r5 and 4.1.0r1
Solution:
NetScreen has recommended the following configuration changes:
1.: Create custom proposals for IPSec phase 1 and phase 2 using AES128 as the cryptographic algorithm.
2.: Update all affected VPN configurations to use these custom proposals.
3.: As soon as practical, upgrade your Global PRO to the maintenance release identified below or a later version.
This will be fixed in Global PRO 4.1.1, which is expected to be released on 15. May 2003 and will be available from:
http://www.netscreen.com/support/updates.html
For further details contact:
support@netscreen.com
Original Advisory:
http://www.netscreen.com/support/alerts/04_16_03_57226.html
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
