Description
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.

| Release | Status | Note |
|---|---|---|
| devel | released | 5.1.2-0ubuntu6 |
| esm-infra-legacy/trusty | released | 5.1.2-0ubuntu2.3 |
| esm-infra/xenial | released | 5.1.2-0ubuntu6 |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | released | 5.1.2-0ubuntu2.3 |
| trusty/esm | released | 5.1.2-0ubuntu2.3 |
| upstream | needs-triage | |
| utopic | released | 5.1.2-0ubuntu3.3 |
| vivid | released | 5.1.2-0ubuntu5.2 |
EPSS
2.6 Low
CVSS2