FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

strongswan - Incorrect Handling of Early EAP-Success Messages

Affected packages
strongswan < 5.9.5


VuXML ID ccaea96b-7dcd-11ec-93df-00224d821998
Discovery 2021-12-16
Entry 2022-01-25

Strongswan Release Notes reports:

Fixed a vulnerability in the EAP client implementation that was caused by incorrectly handling early EAP-Success messages. It may allow to bypass the client and in some scenarios even the server authentication, or could lead to a denial-of-service attack. This vulnerability has been registered as CVE-2021-45079.


CVE Name CVE-2021-45079