15-Year-Old strongSwan Flaw Lets Attackers Crash VPNs via Integer Underflow A 15-year-old integer underflow in strongSwan’s EAP-TTLS plugin can trigger massive heap corruption and allow an attacker to knock VPN services offline by forcing impossible memory allocations. Bishop Fox and strongSwan (CVE-2026-25075) advise upgrading vulnerable installations to 6.0.5 or later, disabling EAP-TTLS if unused, and using the provided non-crashing test tool...

A 15-year-old integer underflow in strongSwan’s EAP-TTLS plugin (CVE-2026-25075) causes massive heap corruption, allowing attackers to crash VPNs via impossible memory allocations. Affects versions 4.5.0 to 6.0.4. #strongSwan #VPNFlaw #Germany

15-Year-Old “Ghost” Bug in strongSwan Could Take VPN Networks Offline 15-year-old strongSwan flaw allows attackers to crash VPNs via integer underflow bug, affecting EAP-TTLS plugin and multiple versions worldwide.

A 15-year-old flaw in strongSwan lets attackers crash VPNs using a simple integer underflow flaw. No auth needed, affects versions used for over a decade. Patch now.

Read: hackread.com/strongswan-f...

#CyberSecurity #Infosec #VPN #Vulnerability #strongSwan

How To Set Up An IPsec With IKEv2 VPN Server On An Ubuntu Linux Cloud Server (VPS) youtu.be/RdgoB8HBx-I #Websplaining #IKEv2 #IPsec #VPN #VPS #CloudServer #VirtualPrivateServer #Ubuntu #Linux #strongSwan #hwdsl2 #Libreswan #xl2tpd #L2TP #Cisco #XAuth #VirualPrivateNetwork

Da muss man auch erst mal drauf kommen dass das #vici plugin für #strongswan im Paket strongswan-swanctl steckt.

Original post on himself.alexanderdunkel.com

Wow! After delving into IPSec strongSwan rekeying, I now know that the initial 'data key' (Child SA) is like a quick handshake with no fancy secret exchange (PFS) (see the documentation [1]). However, for rekeys, it's full secret agent handshake mode! Writing the GitHub bug report, which turned […]

A picture of a swan altered with two muscular arms flexing pasted on top of the swan as it's a buff swan

New logo concept proposal @strongswan.org

#StrongSwan #GraphicDesignItsMyPassion

strongSwan - IPsec VPN for Linux, Android, FreeBSD, macOS, Windows strongSwan is an open-source, modular and portable IPsec-based VPN solution

#strongSwan 6.0.0 has been released ( #IPsec / #VPN / #IKE / #IKEv1 / #IKEv2 / #PostQuantumIKEv2 / #PostQuantumEncryption / #PostQuantum / #X509 / #FreeSWAN ) strongswan.org

strongSwan - strongSwan 6.0.0 Released

strongSwan 6.0.0 has been released! It brings support for multiple (classic) and post-quantum key exchanges. More detailed infos in the announcement blog post here:

#opensource #strongswan #ikev2 #ipsec

strongswan.org/blog/2024/12...

... ein #VPN-Zugang via #Strongswan #IPsec / #IKEv2 mit einer #eap-MSCHAPv2 Authentifizierung lässt sich gar nicht einrichten. Das ist für meine Belange eigentlich eine rote Linie. Zudem gibt es überall Probleme wo #Java ins Spiel kommt. Zum Beispiel ist #DBeaver für mich kaum nutzbar. Sehr schade.

strongSwan - strongSwan Vulnerability (CVE-2023-41913)

If anyone bothered to read the actual advisory (CVE-2023-41913) and asked themselves if the #strongSwan update was actually needed: no, it most probably was pointless because most Distros do not even build charon-tkm ¯\_(ツ)_/¯

Blog post with full details:
www.strongswan.org/blog/2023/11...