User: Password:
Subscribe / Log in / New account

strongswan: authentication bypass

Package(s):strongswan CVE #(s):CVE-2012-2388
Created:May 31, 2012 Updated:April 30, 2013

From the Debian advisory:

An authentication bypass issue was discovered by the Codenomicon CROSS project in strongSwan, an IPsec-based VPN solution. When using RSA-based setups, a missing check in the gmp plugin could allow an attacker presenting a forged signature to successfully authenticate against a strongSwan responder.

Debian DSA-2483-1 strongswan 2012-05-31
Fedora FEDORA-2012-8821 strongswan 2012-06-10
Fedora FEDORA-2012-8815 strongswan 2012-06-10
openSUSE openSUSE-SU-2012:0691-1 strongswan 2012-06-04

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds