Authentication Bypass in OpenIKED used by OpenBSD
CVE-2020-16088

9.8CRITICAL

Key Information:

Vendor
OpenBSD
Status
OpenBSD
Vendor
CVE Published:
28 July 2020

Summary

The vulnerability in OpenIKED, implemented in OpenBSD up to version 6.7, arises from faulty logic in the ca.c file that incorrectly verifies whether a public key is valid. This flaw may allow unauthorized parties to bypass authentication mechanisms, posing a significant risk to the security posture of affected systems.

References

https://www.openiked.org/security.html
x_refsource_MISC
https://github.com/xcllnt/openiked/commits/master
x_refsource_MISC
https://ftp.openbsd.org/pub/OpenBSD/patches/6.7/common/01...
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.