An authentication bypass vulnerability was discovered in strongSwan. It can be triggered by rekeying an unestablished IKEv2 SA while that SA is being actively initiated. All versions since 4.0.7 are affected.
A trusted partner privately reported an authentication bypass vulnerability (CVE-2014-2338) in the strongSwan IKEv2 code. Affected are all strongSwan versions back to 4.0.7, including the latest 5.1.2.
The bug can be triggered by rekeying an unestablished IKE_SA while that IKE_SA is being actively initiated. This allows an attacker to trick the peer into moving the IKE_SA state to established, without providing any valid authentication credentials.
Only installations that actively initiate or re-authenticate IKEv2 IKE_SAs are affected. This means that when re-authentication is disabled (reauth=no) or not possible (because asymmetric EAP or virtual IP exchanges are in use), a connection with auto=add is not exploitable. If re-authentication is enabled and no EAP/virtual IP exchange is in use, an attacker need only wait for the peer to initiate re-authentication before starting the attack.
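The conditions above translate directly into a configuration review: check the installed release against the affected range, then look at each conn for whether this side initiates and whether re-authentication can happen. The following script is an added example written for this advisory, not strongSwan code. It assumes a simplified ipsec.conf format (conn sections with key=value lines and an optional conn %default), the strongSwan defaults reauth=yes and auto=ignore, that auto=start and auto=route both count as actively initiating, and that EAP or virtual IP use can be recognised from the leftauth/rightauth and leftsourceip/rightsourceip keys; the sample configuration is constructed for illustration.

```python
import re

# Affected range named in the advisory: every release from 4.0.7 up to and
# including 5.1.2 (the latest release at the time of the advisory).
FIRST_AFFECTED = (4, 0, 7)
LAST_AFFECTED = (5, 1, 2)


def parse_version(text):
    """Turn a version string such as '5.1.2' into a comparable tuple of ints."""
    return tuple(int(p) for p in re.findall(r"\d+", text)[:3])


def version_affected(version):
    """True if the installed strongSwan release falls inside the affected range."""
    return FIRST_AFFECTED <= parse_version(version) <= LAST_AFFECTED


def parse_ipsec_conf(text):
    """Minimal ipsec.conf parser (assumption: section headers such as
    'conn name' at column 0, indented key=value lines, '#' comments).
    Returns {conn_name: settings} with 'conn %default' values already merged."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        header = re.match(r"^(conn|config|ca)\s+(\S+)\s*$", line)
        if header:
            current = (header.group(1), header.group(2))
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        sections[current][key] = value
    default = sections.get(("conn", "%default"), {})
    conns = {}
    for (kind, name), settings in sections.items():
        if kind != "conn" or name == "%default":
            continue
        merged = dict(default)
        merged.update(settings)
        conns[name] = merged
    return conns


def assess_connection(settings):
    """Return the reasons a conn may be exposed per the advisory's criteria,
    or [] when it matches a case the advisory describes as not affected
    (IKEv1, or auto=add with re-authentication disabled or impossible)."""
    if settings.get("keyexchange", "ike") == "ikev1":
        return []  # advisory: IKEv1 is not affected
    reasons = []
    auto = settings.get("auto", "ignore")          # strongSwan default: ignore
    reauth = settings.get("reauth", "yes")         # strongSwan default: yes
    # Heuristic (assumption): EAP or virtual IP use makes re-auth impossible.
    uses_eap = any("eap" in settings.get(k, "").lower() for k in ("leftauth", "rightauth"))
    uses_virtual_ip = any(k in settings for k in ("leftsourceip", "rightsourceip"))
    if auto in ("start", "route"):
        reasons.append("auto=%s: this side actively initiates the IKE_SA" % auto)
    if reauth != "no" and not (uses_eap or uses_virtual_ip):
        reasons.append("re-authentication enabled without EAP/virtual IP: "
                       "attacker can wait for peer-initiated reauth")
    return reasons


def assess_config(text):
    """Map every conn in an ipsec.conf text to its list of exposure reasons."""
    return {name: assess_connection(s) for name, s in parse_ipsec_conf(text).items()}


# Constructed sample ipsec.conf for illustration; not taken from any deployment.
SAMPLE_CONF = """\
conn %default
    keyexchange=ikev2

conn roadwarrior
    auto=add
    reauth=no
    leftauth=pubkey
    rightauth=pubkey

conn site-to-site
    auto=start
    leftauth=pubkey
    rightauth=pubkey

conn eap-gateway
    auto=add
    rightauth=eap-mschapv2
    rightsourceip=10.0.0.0/24

conn legacy
    keyexchange=ikev1
    auto=start
"""

if __name__ == "__main__":
    print("5.1.2 affected:", version_affected("5.1.2"))
    for name, reasons in assess_config(SAMPLE_CONF).items():
        print(name, "->", reasons or "not exposed per advisory criteria")
```

A conn reported as exposed is one where the advisory's conditions hold, so the fix is to upgrade past 5.1.2; the script is a triage aid for deciding which gateways to patch first, not a substitute for patching.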
The issue does not allow remote code execution, nor is IKEv1 affected in charon or pluto.