Описание
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 5.6.2-1ubuntu2.8 |
| devel | released | 5.9.4-1ubuntu4 |
| esm-infra-legacy/trusty | released | 5.1.2-0ubuntu2.11+esm2 |
| esm-infra/bionic | released | 5.6.2-1ubuntu2.8 |
| esm-infra/focal | released | 5.8.2-1ubuntu3.4 |
| esm-infra/xenial | released | 5.3.5-1ubuntu3.8+esm2 |
| fips-preview/jammy | released | 5.9.4-1ubuntu4 |
| fips-updates/bionic | released | 5.6.2-1ubuntu2.fips.2.8.1 |
| fips-updates/focal | released | 5.8.2-1ubuntu3.fips.3.4.1 |
| fips-updates/jammy | released | 5.9.4-1ubuntu4 |
Показывать по
Ссылки на источники
5.8 Medium
CVSS2
9.1 Critical
CVSS3
Связанные уязвимости
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
In strongSwan before 5.9.5, a malicious responder can send an EAP-Succ ...
5.8 Medium
CVSS2
9.1 Critical
CVSS3