First published: Wed Jun 30 2004
FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allow remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Farmers Wife | =1 | |
Farmers Wife | =2 | |
FreeS WAN | =1 | |
Xelerance Openswan | =1 | |
Xelerance Openswan | =2 | |
strongSwan | <=2.1.2 | |
CVE-2004-0590 is classified as a high-severity vulnerability due to its potential for remote exploitation.
To fix CVE-2004-0590, upgrade to the latest versions of FreeS/WAN, Openswan, or strongSwan that are not affected by this vulnerability.
CVE-2004-0590 affects multiple versions of the FreeS/WAN, Openswan, and strongSwan software products.
The attack vector for CVE-2004-0590 involves remote attackers utilizing spoofed PKCS#7 certificates.
If CVE-2004-0590 is exploited, an attacker may gain unauthorized access to affected systems by impersonating a legitimate user.
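One way to act on the upgrade advice above is to classify version banners against the fixed releases named in the description. This is an added example, not part of the original advisory or of any vendor's tooling. The banner format and the sample lines are assumptions constructed for illustration, and FreeS/WAN and superfreeswan are treated as affected throughout because the advisory names no fixed release for them.

```python
import re

# First fixed release per product and major version, from the advisory text.
# None means the advisory names no fixed release for that line.
ADVISORY = {
    "freeswan": {1: None, 2: None},
    "superfreeswan": {1: None},
    "openswan": {1: (1, 0, 6), 2: (2, 1, 4)},
}
STRONGSWAN_FIXED = (2, 1, 3)  # "strongSwan before 2.1.3", any major

# Assumed banner shape: "<Product> [U]<dotted version>[/K<kernel part>]".
BANNER = re.compile(
    r"(super[\s-]*frees/?wan|frees/?wan|openswan|strongswan)\s+U?(\d+(?:\.\d+)*)",
    re.IGNORECASE,
)

def parse_banner(line):
    """Return (product, version tuple), or None if the line is not recognised."""
    m = BANNER.search(line)
    if m is None:
        return None
    product = re.sub(r"[^a-z]", "", m.group(1).lower())
    return product, tuple(int(part) for part in m.group(2).split("."))

def assess(line):
    """Classify a banner: 'affected', 'fixed', 'not listed' or 'unknown'."""
    parsed = parse_banner(line)
    if parsed is None:
        return "unknown"
    product, version = parsed
    if product == "strongswan":
        fixed = STRONGSWAN_FIXED
    else:
        majors = ADVISORY[product]
        if version[0] not in majors:
            return "not listed"
        fixed = majors[version[0]]
        if fixed is None:
            return "affected"
    return "affected" if version < fixed else "fixed"

# Constructed sample banners, not captured from real hosts.
SAMPLES = [
    "Linux Openswan U2.1.2/K2.4.26 (klips)",
    "Linux Openswan U2.1.4/K2.4.26 (klips)",
    "Linux strongSwan U2.1.2/K2.4.26",
    "Linux FreeS/WAN 2.04",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{assess(banner):10} {banner}")
```

A result of "not listed" means the advisory text says nothing about that major version, not that the build has been verified as safe.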