General Discussion strongSwan Authentication Bypass Vulnerability (CVE-2014-2338)

UTM Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 2 replies
Subscribers 3 subscribers
Views 1127 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

strongSwan Authentication Bypass Vulnerability (CVE-2014-2338)

DirkR over 11 years ago

Is Sophos UTM affected by this?

strongSwan - strongSwan Authentication Bypass Vulnerability (CVE-2014-2338)

--

regards

This thread was automatically locked due to age.

0 mino over 11 years ago

Is Sophos UTM affected by this?
strongSwan - strongSwan Authentication Bypass Vulnerability (CVE-2014-2338)

AFAIK we do not support IKEv2 and this bug only seems to be IKEv2 related.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 11 years ago

Julian's right. The UTM still uses pluto, so does not support IKEv2. If you'd like to see Sophos change to charon from pluto, you can vote for Upgrade to modern version of StrongSWAN which uses charon instead of pluto on the Feature site.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel