Hi, I have just scanned one of our routers' public addresses. This is a Cisco 877 ADSL router in VPN mode to a Cisco Concentrator, and I get this vulnerability. What does it mean?
Pre-shared Key Off-line Bruteforcing Using IKE Aggressive Mode
IKE is used during Phase 1 and Phase 2 of establishing an IPSec connection. Phase 1 is where the two ISAKMP peers establish a secure, authenticated channel with which to communicate. Every participant in IKE must possess a key which may be either pre-shared (PSK) or a public key. There are inherent risks to configurations that use pre-shared keys which are exaggerated when Aggressive Mode is used.
Using Aggressive Mode with pre-shared keys is the least secure option. In this particular scenario, it is possible for an attacker to gather all necessary information in order to mount an off-line dictionary (brute force) attack on the pre-shared keys. For more information about this type of attack, visit http://www.ima.umn.edu/~pliam/xauth/.
IKE Aggressive mode with pre-shared keys should be avoided where possible. Otherwise a strong pre-shared key should be chosen.
Thanks for the additional output. The presence of statements like this referencing Main Mode
Nov 5 19:12:42.702: ISAKMP:(0:21:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
and the lack of any messages referencing aggressive mode are proof that this connection does not use aggressive mode and thus the vulnerability is minimized.
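The check described in the reply above can be run over saved ISAKMP debug output, as in this added example (not part of the original thread or any Cisco tooling). Only `IKE_PROCESS_MAIN_MODE` comes from the thread; the other marker names and the sample lines after the first are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# IKE_PROCESS_MAIN_MODE is the marker from the debug line quoted in the thread.
# The other state/event names, and all aggressive-mode markers, are assumptions:
# confirm them against the debug output of your own IOS release.
MAIN_RE = re.compile(r"IKE_PROCESS_MAIN_MODE|IKE_MM_EXCH|IKE_[IR]_MM\d")
AGGR_RE = re.compile(r"aggressive|IKE_AM_EXCH|IKE_[IR]_AM", re.IGNORECASE)
# Parenthesised SA tag that follows "ISAKMP:", e.g. "(0:21:SW:1)".
TAG_RE = re.compile(r"ISAKMP:\s*\(([^)]*)\)")

# First line is from the thread; the rest are constructed sample lines.
SAMPLE = """\
Nov 5 19:12:42.702: ISAKMP:(0:21:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Nov 5 19:12:42.706: ISAKMP:(0:21:SW:1):Old State = IKE_R_MM1  New State = IKE_R_MM1
Nov 5 19:13:01.110: ISAKMP:(0:22:SW:1):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
Nov 5 19:13:01.114: ISAKMP:(0:22:SW:1):Old State = IKE_READY  New State = IKE_R_AM2
Nov 5 19:13:09.300: ISAKMP:(0:23:SW:1): processing SA payload. message ID = 0
Nov 5 19:13:12.000: %SYS-5-CONFIG_I: Configured from console
"""

def classify_isakmp_debug(text):
    """Map each SA tag to 'main', 'aggressive', 'mixed' or 'unknown'."""
    seen = defaultdict(set)
    for line in text.splitlines():
        tag = TAG_RE.search(line)
        if not tag:
            continue  # not an ISAKMP debug line
        modes = seen[tag.group(1)]
        if MAIN_RE.search(line):
            modes.add("main")
        if AGGR_RE.search(line):
            modes.add("aggressive")
    verdict = {}
    for sa, modes in seen.items():
        if len(modes) == 2:
            verdict[sa] = "mixed"
        else:
            verdict[sa] = next(iter(modes), "unknown")
    return verdict

def aggressive_mode_seen(text):
    """True if any SA in the output shows an aggressive-mode marker."""
    return any(v in ("aggressive", "mixed")
               for v in classify_isakmp_debug(text).values())

if __name__ == "__main__":
    for sa, mode in classify_isakmp_debug(SAMPLE).items():
        print(f"SA {sa}: {mode}")
    print("aggressive mode seen:", aggressive_mode_seen(SAMPLE))
```

The result covers only the negotiations present in the captured output, so capture a full tunnel setup for each peer you want to check.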