In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-01-31T07:15:52

Updated: 2024-08-04T04:32:13.673Z

Reserved: 2021-12-16T00:00:00

Link: CVE-2021-45079

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-01-31T08:15:07.307

Modified: 2024-11-21T06:31:54.450

Link: CVE-2021-45079

cve-icon Redhat

No data.