Bug 2280412 (CVE-2022-4967) - CVE-2022-4967 strongswan: potential authorization bypass with TLS-based EAP methods
Summary: CVE-2022-4967 strongswan: potential authorization bypass with TLS-based EAP m...
Keywords:
Status: NEW
Alias: CVE-2022-4967
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2280413 2280414
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-05-14 22:49 UTC by Robb Gatica
Modified: 2024-05-14 22:49 UTC (History)
0 users

Fixed In Version: strongswan 5.9.6
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Robb Gatica 2024-05-14 22:49:00 UTC
strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136).

https://github.com/strongswan/strongswan/commit/e4b4aabc4996fc61c37deab7858d07bc4d220136
https://www.cve.org/CVERecord?id=CVE-2022-4967
https://www.strongswan.org/blog/2024/05/13/strongswan-vulnerability-(cve-2022-4967).html

Comment 1 Robb Gatica 2024-05-14 22:49:17 UTC
Created strongswan tracking bugs for this issue:

Affects: epel-all [bug 2280413]
Affects: fedora-all [bug 2280414]


Note You need to log in before you can comment on or make changes to this bug.