CVE-2012-2388 — Improper Authentication in Strongswan

CWE-287 — Improper Authentication7 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 28.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Strongswan Debian Strongswan

Timeline

PublishedJun 27

Latest updateMay 17

Description

The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/strongswan< strongswan 4.5.2-1.4 (bookworm)

▶Debianstrongswan/strongswan< 4.5.2-1.4+3

▶NVDstrongswan/strongswan34 versions+33

🔴Vulnerability Details

GHSA

GHSA-4cvm-fc9f-m7w8: The GMP Plugin in strongSwan 4↗2022-05-17

▶

OSV

CVE-2012-2388: The GMP Plugin in strongSwan 4↗2012-06-27

▶

📋Vendor Advisories

Debian

CVE-2012-2388: strongswan - The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypa...↗2012

▶

💬Community

Bugzilla

CVE-2012-2388 strongswan: authentication bypass due to RSA signature verification flaw [fedora-all]↗2012-06-04

▶

Bugzilla

CVE-2012-2388 strongswan: authentication bypass due to RSA signature verification flaw [epel-6]↗2012-06-04

▶

Bugzilla

CVE-2012-2388 strongswan: authentication bypass due to RSA signature verification flaw↗2012-06-04

▶