Computer Security


StrongSwan certificate spoofing
Published: 08.06.2015
Source:
SecurityVulns ID: 14527
Type: m-i-t-m
Threat Level: 5/10
Description: Server's certificate is validated after credentials are sent.
Affected: STRONGSWAN : strongSwan 5.3
CVE: CVE-2015-4171 (strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.)
Original document: DEBIAN, [SECURITY] [DSA 3282-1] strongswan security update (08.06.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod