FreeBSD -- Missing IPsec anti-replay window check

2020-01-28T00:00:00
ID 5797C807-4279-11EA-B184-F8B156AC3FF9
Type freebsd
Reporter FreeBSD
Modified 2020-01-28T00:00:00

Description

Problem Description: A missing check means that an attacker can reinject an old packet and it will be accepted and processed by the IPsec endpoint.

Impact: The impact depends on the higher-level protocols in use over IPsec. For example, an attacker who can capture and inject packets could cause an action that was intentionally performed once to be repeated.