{
  "threat_severity" : "Low",
  "public_date" : "2008-02-28T00:00:00Z",
  "bugzilla" : {
    "description" : "initscripts: IPSec ifup script allows for aggressive IKE mode",
    "id" : "435274",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=435274"
  },
  "cvss" : {
    "cvss_base_score" : "2.6",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "details" : [ "The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash." ],
  "acknowledgement" : "Red Hat would like to thank Aleksander Adamowski for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2012-02-21T00:00:00Z",
    "advisory" : "RHSA-2012:0312",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "initscripts-0:8.45.42-1.el5"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "fix_state" : "Will not fix",
    "package_name" : "initscripts",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2008-1198\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-1198" ],
  "name" : "CVE-2008-1198",
  "csaw" : false
}