← back
CVE-2013-2944

CVE-2013-2944

EPSS 1.6%
strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://download.strongswan.org/patches/10_openssl_ecdsa_signature_patch/strongswan-4.3.5-5.0.3_openssl_ecdsa_signature.patchhttp://lists.opensuse.org/opensuse-updates/2013-05/msg00014.htmlhttp://lists.opensuse.org/opensuse-updates/2013-06/msg00010.htmlhttp://lists.opensuse.org/opensuse-updates/2013-06/msg00121.htmlhttp://www.debian.org/security/2013/dsa-2665http://www.securityfocus.com/bid/59580http://www.strongswan.org/blog/2013/04/30/strongswan-5.0.4-released-%28cve-2013-2944%29.html