The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.
Max CVSS
10.0
EPSS Score
93.34%
Published
2004-12-06
Updated
2017-10-11
The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate.
Max CVSS
7.5
EPSS Score
1.31%
Published
2004-06-01
Updated
2017-10-11
2 vulnerabilities found