Title: NetScreen Global PRO Policy Manager IPSec Tunnel Security Configuration Weakness
Severity: MODERATE
Description:
NetScreen is a line of Internet security appliances integrating firewall, VPN and traffic management features. NetScreen supports Microsoft Windows 95, 98, ME, NT and 2000 clients.
An issue has been reported in NetScreen Global PRO Policy Manager that may result in IPSec tunnels using weaker encryption than intended.
The issue is due to the default definitions for IPSec used by Global PRO Policy Manager. Specifically, phase 1 and phase 2 proposals that specify AES encryption algorithms will result in VPN configurations using DES encryption instead of the expected AES128.
All VPNs managed by Global PRO Policy Manager using predefined proposals named "g2-aes128-sha", "g2-aes128-md5", "esp-aes128-sha", and "esp-aes128-md5" suffer from this issue.
NetScreen Global PRO Policy Manager 4.0.0r1 through 4.0.0r5 and 4.1.0r1 are affected by this weakness.
Affected Products:
- NetScreen NetScreen-Global PRO Policy Manager Server 4.0.0r1
- NetScreen NetScreen-Global PRO Policy Manager Server 4.0.0r2
- NetScreen NetScreen-Global PRO Policy Manager Server 4.0.0r3
- NetScreen NetScreen-Global PRO Policy Manager Server 4.0.0r4
- NetScreen NetScreen-Global PRO Policy Manager Server 4.0.0r5
- NetScreen NetScreen-Global PRO Policy Manager Server 4.1.0r1
References:
- NetScreen: NetScreen Security Advisory 57226