In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-09-26T21:00:00

Updated: 2024-08-05T10:01:54.675Z

Reserved: 2018-08-23T00:00:00

Link: CVE-2018-15836

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-09-26T21:29:00.913

Modified: 2024-11-21T03:51:32.187

Link: CVE-2018-15836

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-08-17T00:00:00Z

Links: CVE-2018-15836 - Bugzilla