FreeBSD : strongswan -- Information Leak Vulnerability (10d14955-0e45-11e5-b6a8-002590263bf5)
Severity: Low
Nessus Plugin ID 84068
Synopsis: The remote FreeBSD host is missing a security-related update.
Description: strongSwan Project reports:
An information leak vulnerability was fixed that, in certain IKEv2 setups, allowed rogue servers with a valid certificate accepted by the client to trick it into disclosing user credentials (even plain passwords if the client accepts EAP-GTC). This was caused because constraints against the server's authentication were enforced too late. All versions since 4.3.0 are affected.
Solution: Update the affected package.