Tobias Brunner, 08.06.2015 14:01
h1. Version 5.3.2

* Fixed a vulnerability that allowed rogue servers with a valid certificate accepted by the client to trick it into disclosing its username and even password (if the client accepts EAP-GTC). This happened because constraints against the responder's authentication were enforced too late. This vulnerability has been registered as "CVE-2015-4171":http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-4171. Please refer to "our blog":https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-(cve-2015-4171).html for details.