TRENDnet TEW-WLC100P IKEv1 Aggressive Mode PSK Misconfiguration Vulnerability
Vulnerability
A vulnerability exists in the TRENDnet TEW-WLC100P access point running version 2.03b03, where the strongSwan configuration file allows IKEv1 Aggressive Mode with Pre-Shared Keys (PSKs). This misconfiguration enables IKE Responders to perform offline attacks on the hash of the PSK, which is transmitted openly. The issue arises because the 'i_dont_care_about_security_and_use_aggressive_mode_psk' option is enabled, contrary to strongSwan's official documentation, which advises against this setting.
Impact
The vulnerability allows for offline attacks on the Pre-Shared Key hash, potentially leading to the exposure of the PSK used in IKEv1 negotiations.
Reproduction
The vulnerability can be reproduced by examining the strongSwan configuration file at '/etc/strongswan.conf'. The presence of the 'i_dont_care_about_security_and_use_aggressive_mode_psk' option set to 'yes' indicates that the vulnerability is active. Once this option is enabled, IKE Responders accept Aggressive Mode with PSKs, which exposes the hashed PSK transmission to offline attack.
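To audit a strongswan.conf for the setting described above, here is an added shell check (not from the advisory, TRENDnet or the strongSwan project). It assumes only sed, grep and mktemp; the two sample configs it writes are constructed, showing the weak setting beside the hardened form (strongSwan's default is no).

```shell
#!/bin/sh
# Audit a strongswan.conf for the charon option that permits IKEv1 Aggressive
# Mode with PSK. Returns 1 (and prints the finding) when it is enabled.
check_aggressive_psk() {
    conf="$1"
    # Drop comments, then match the option set to any value strongSwan reads
    # as true (yes/true/1/enabled), ignoring case and surrounding whitespace.
    if sed 's/#.*//' "$conf" | grep -Eiq \
        '^[[:space:]]*i_dont_care_about_security_and_use_aggressive_mode_psk[[:space:]]*=[[:space:]]*(yes|true|1|enabled)[[:space:]]*$'
    then
        echo "VULNERABLE: Aggressive Mode PSK enabled in $conf"
        return 1
    fi
    echo "OK: Aggressive Mode PSK disabled in $conf"
    return 0
}

# Constructed sample: the weak setting as the advisory describes it.
write_weak_conf() {
    cat > "$1" <<'EOF'
charon {
    # allows Aggressive Mode with PSK, exposing the PSK hash to offline attack
    i_dont_care_about_security_and_use_aggressive_mode_psk = yes
}
EOF
}

# Constructed sample: the hardened form (explicitly set to the default).
write_hardened_conf() {
    cat > "$1" <<'EOF'
charon {
    i_dont_care_about_security_and_use_aggressive_mode_psk = no
}
EOF
}

WEAK=$(mktemp); HARDENED=$(mktemp)
write_weak_conf "$WEAK"
write_hardened_conf "$HARDENED"
check_aggressive_psk "$WEAK" || :    # expected: VULNERABLE, returns 1
check_aggressive_psk "$HARDENED"     # expected: OK, returns 0
```

On the device itself, run the check against /etc/strongswan.conf; a commented-out option line is ignored, so only an active setting is reported.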