Metric | Value |
---|---|
CVSS2 score | 2.6 Low |
Access Vector | NETWORK |
Access Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
CVSS2 vector | AV:N/AC:H/Au:N/C:P/I:N/A:N |
EPSS | 0.004 Low |
EPSS percentile | 74.5% |

strongSwan Project reports:
An information leak vulnerability was fixed that, in certain IKEv2
setups, allowed rogue servers with a valid certificate accepted by
the client to trick it into disclosing user credentials (even plain
passwords if the client accepts EAP-GTC). This was caused because
constraints against the server’s authentication were enforced too
late. All versions since 4.3.0 are affected.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | strongswan | = 4.3.0 | UNKNOWN |
FreeBSD | any | noarch | strongswan | < 5.3.2 | UNKNOWN |