YEP.
US-CERT.GOV
http://www.us-cert.gov
===
===
http://news.com.com/Flaw+found+in+VPN+crypto+security/2100-1002_3-5705185.html?tag=nefd.top
"Flaw found in VPN crypto security"
Published: May 12, 2005, 1:31 PM PDT
By Dan Ilett
Special to CNET News.com
A flaw in a popular VPN technology could allow hackers to obtain a text version of encrypted communications with only "moderate effort," a tech security body has warned.
ARTICLE SNIPPET: "Britain's national emergency response team, the National Infrastructure Security Coordination Centre, issued a warning this week about the safety of virtual private networks that use IPsec encryption and tunneling to connect remote workers to corporate networks.
The flaw, which the NISCC rates as "high" risk, makes it possible for an attacker to intercept IP packets traveling between two IPsec devices. They could then modify the encapsulation security payload--a subprotocol that encrypts the data being transported. This could ultimately expose this data to an unauthorized third party."