Unrated severityNVD Advisory· Published Dec 31, 2002· Updated Apr 16, 2026

CVE-2002-1623

Description

The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote.

Affected products

Checkpoint/Vpn 1 Firewall 12 versions
cpe:2.3:a:checkpoint:vpn-1_firewall-1:4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:checkpoint:vpn-1_firewall-1:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:checkpoint:vpn-1_firewall-1:4.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securiteam.com/securitynews/5TP040U8AW.htmlnvdExploit
www.securityfocus.com/archive/1/290202nvdExploit
www.kb.cert.org/vuls/id/886601nvdUS Government Resource
lists.grok.org.uk/pipermail/full-disclosure/2002-September/001223.htmlnvd
marc.infonvd
marc.infonvd
www.checkpoint.com/techsupport/alerts/ike.htmlnvd
www.nta-monitor.com/news/checkpoint.htmnvd
www.securityfocus.com/bid/5607nvd
exchange.xforce.ibmcloud.com/vulnerabilities/10034nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.058
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000