Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » NetScreen-Global PRO Policy Manager Server default configuration

NetScreen-Global PRO Policy Manager Server default configuration

by Mario Miri on April 25th, 2003 Default software configuration has definitions which use weak encryption routines than intended. The issue is due to default definitions for IPSec used by Global PRO Policy Manager. Specifically, phase 1 and phase 2 proposals using AES encryption algorithms will result in VPN configurations using DES encryption instead of the expected AES128.


Vulnerable:
NetScreen-Global PRO Policy Manager Server 4.1.0r1
NetScreen-Global PRO Policy Manager Server 4.0.0r5
NetScreen-Global PRO Policy Manager Server 4.0.0r4
NetScreen-Global PRO Policy Manager Server 4.0.0r3
NetScreen-Global PRO Policy Manager Server 4.0.0r2
NetScreen-Global PRO Policy Manager Server 4.0.0r1


Solution:
Updates are available from
http://www.netscreen.com/support/updates.html


Discovered by:
Reported by the vendor.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »