Vulnerability in RSA Implementation of strongSwan Affects Secure Communications
CVE-2018-16152
7.5HIGH
What is CVE-2018-16152?
In the strongSwan gmp plugin, an issue exists in the verify_emsa_pkcs1_signature() function that inadequately handles excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. This flaw enables remote attackers to forge RSA signatures, particularly when small public exponents are in use, potentially leading to unauthorized impersonation during IKEv2 authentication. This vulnerability is similar to previously reported issues, raising concerns for secure communication protocols reliant on RSA signatures.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved