EAP Authentication Vulnerability in strongSwan by strongSwan
CVE-2021-45079

9.1 CRITICAL

Key Information:

Vendor: strongSwan
CVE Published: 31 January 2022

What is CVE-2021-45079?

In strongSwan versions prior to 5.9.5, a security flaw allows a malicious responder to send an EAP-Success message prematurely. This can occur without proper client authentication and, in cases involving mutual authentication or EAP-only authentication for IKEv2, even without server authentication. This critical weakness could enable unauthorized access to network resources, posing significant risks to the integrity and confidentiality of secure communications.

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
