Racoon IKE Daemon Unauthorized X.509 Certificate Connection Vulnerability

An attacker may exploit this issue using the racoon daemon itself by setting the following configuration option:

certificate_type x509 certificate badprivatekey;

(where 'badprivatekey' equals an arbitrary private key for the certificate)

The attacker can then make an unauthorized connection.


 

Privacy Statement
Copyright 2010, SecurityFocus