Vulnerability Name: CVE-2004-0590 (CCN-16515)
Assigned: 2004-06-25
Published: 2004-06-25
Updated: 2017-07-11
Summary: FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allow remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:
  Source: CCN Type: GLSA 200406-20 FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling
  Source: MITRE Type: CNA CVE-2004-0590
  Source: GENTOO Type: Patch, Vendor Advisory GLSA-200406-20
  Source: CCN Type: GLSA-200406-20 FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling
  Source: MANDRAKE Type: Patch, Vendor Advisory MDKSA-2004:070
  Source: CCN Type: Openswan Advisory 2004-06-28 Certificate chain authentication in Openswan pluto
  Source: CONFIRM Type: Patch, Vendor Advisory http://www.openswan.org/support/vuln/can-2004-0590/
  Source: CCN Type: OSVDB ID: 7281 Swan Products X.509 Certificate Validation Bypass and DoS
  Source: CCN Type: BID-10611 FreeS/WAN X.509 Patch Certificate Verification Vulnerability
  Source: CCN Type: strongSwan Web site strongSwan - IPsec for Linux
  Source: XF Type: UNKNOWN ipsec-verifyx509cert-auth-bypass(16515)
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable