Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2015-4171HistoryJun 10, 2015 - 6:59 p.m.
CVE-2015-4171
2015-06-1018:59:00
Debian Security Bug Tracker
security-tracker.debian.org
8
0.004 Low
EPSS
Percentile
74.7%
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | strongswan | < 5.3.1-1 | strongswan_5.3.1-1_all.deb |
| Debian | 11 | all | strongswan | < 5.3.1-1 | strongswan_5.3.1-1_all.deb |
| Debian | 10 | all | strongswan | < 5.3.1-1 | strongswan_5.3.1-1_all.deb |
| Debian | 999 | all | strongswan | < 5.3.1-1 | strongswan_5.3.1-1_all.deb |
| Debian | 13 | all | strongswan | < 5.3.1-1 | strongswan_5.3.1-1_all.deb |
Related
prion
prion
Authentication flaw
2015-06-10 18:59:00
nessus
nessus
FreeBSD : strongswan -- Information Leak Vulnerability (10d14955-0e45-11e5-b6a8-002590263bf5)
2015-06-10 00:00:00
SUSE SLED11 / SLES11 Security Update : strongswan (SUSE-SU-2015:1227-1)
2015-07-14 00:00:00
Debian DSA-3282-1 : strongswan - security update
2015-06-09 00:00:00
ibm
ibm
cve
cve
CVE-2015-4171
2015-06-10 18:59:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:1227-1)
2021-06-09 00:00:00
Debian Security Advisory DSA 3282-1 (strongswan - security update)
2015-06-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:1791-1)
2021-06-09 00:00:00
ubuntu
ubuntu
strongSwan vulnerability
2015-06-08 00:00:00
osv
osv
strongswan - security update
2015-06-12 00:00:00
strongswan - security update
2015-06-08 00:00:00
cvelist
cvelist
CVE-2015-4171
2015-06-10 18:00:00
securityvulns
securityvulns
StrongSwan certificate spoofing
2015-06-08 00:00:00
[SECURITY] [DSA 3282-1] strongswan security update
2015-06-08 00:00:00
ubuntucve
ubuntucve
CVE-2015-4171
2015-06-08 00:00:00
freebsd
freebsd
strongswan -- Information Leak Vulnerability
2015-06-08 00:00:00
debian
debian
[SECURITY] [DSA 3282-1] strongswan security update
2015-06-08 14:45:33
[SECURITY] [DLA 244-1] strongswan security update
2015-06-12 05:48:22