FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

strongswan -- Remote Authentication Bypass

Affected packages
strongswan < 5.1.3

Details

VuXML ID: 6fb521b0-d388-11e3-a790-000c2980a9f3
Discovery: 2014-03-12
Entry: 2014-05-04

strongSwan developers report:

Remote attackers are able to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.

Only installations that actively initiate or re-authenticate IKEv2 IKE_SAs are affected.

References

CVE Name: CVE-2014-2338
URL: http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.html