strongSwan-5.0.4 released / ECDSA signature vulnerability

2013.04.30
Credit: Tobias
Risk: High
Local: No
Remote: Yes
CWE: CWE-287


CVSS Base Score: 4.9/10
Impact Subscore: 4.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

We just released strongSwan 5.0.4, which fixes a security vulnerability (CVE-2013-2944) that exists in all versions since 4.3.5 and up to 5.0.3.

If the strongSwan "openssl" plugin is used for ECDSA signature verification, an empty, zeroed or otherwise invalid signature is handled as a legitimate one. Affected are only installations that have enabled and loaded the OpenSSL crypto backend (--enable-openssl). Builds using the default crypto backends are not affected.

While this new ECDSA vulnerability is very similar to the RSA signature vulnerability CVE-2012-2388, it is not directly related.

A connection definition using ECDSA authentication is required to exploit this vulnerability. Given that, an attacker presenting a forged signature and/or certificate can authenticate as any legitimate user. Injecting code is not possible by such an attack.

The patch at [1] fixes the vulnerability and should apply to all affected versions. strongSwan 5.0.4 includes the fix and other minor changes and can be downloaded from [2].

This vulnerability was discovered by Kevin Wojtysiak, an independent Security Consultant. We want to express our thanks to Kevin for notifying us in advance about this critical security issue.

The above information can also be found in our blog entry at [3].

Our apologies for having such a serious vulnerability in the strongSwan codebase.

Kind Regards,
Tobias

[1] http://download.strongswan.org/patches/10_openssl_ecdsa_signature_patch/
[2] http://www.strongswan.org/download.html
[3] http://www.strongswan.org/strongswan-5.0.4-released-(cve-2013-2944).html

References:

http://download.strongswan.org/patches/10_openssl_ecdsa_signature_patch/
http://www.strongswan.org/strongswan-5.0.4-released-(cve-2013-2944).html

