CVE-2012-2388
strongSwan 4.2.0-4.6.3 - Authentication Bypass via Empty or Zeroed RSA Signature
Title source: llmDescription
The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."
References (11)
Core 11
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/76013
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1027110
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/82587
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49336
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49315
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53752
Vendor Advisory x_refsource_confirm
http://www.strongswan.org/blog/2012/05/31/strongswan-4.6.4-released-%28cve-2012-2388%29.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00002.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55051
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49370
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2483
Scores
EPSS
0.0328
EPSS Percentile
86.9%
Details
CWE
CWE-287
Status
published
Products (34)
strongswan/strongswan
4.2.0
strongswan/strongswan
4.2.1
strongswan/strongswan
4.2.2
strongswan/strongswan
4.2.3
strongswan/strongswan
4.2.4
strongswan/strongswan
4.2.5
strongswan/strongswan
4.2.6
strongswan/strongswan
4.2.7
strongswan/strongswan
4.2.8
strongswan/strongswan
4.2.9
... and 24 more
Published
Jun 27, 2012
Tracked Since
Feb 18, 2026