[原文]SonicWALL Tele2 and SOHO firewalls with 220.127.116.11 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack the pre-shared keys with significantly less resources than if the full 128 byte IKE pre-shared keys were used.
SonicWALL TELE2/SOHO2 Firewalls are configured to use IKE pre-shared keys, but only allow 48 byte keylength instead of 128. This allows an attacker to more easily crack the keys and compromise the integrity of encrypted communication.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: use certificates instead of pre-shared keys.