We are happy to announce the release of strongSwan 5.3.4, which fixes a vulnerability and several other issues.
An authentication bypass vulnerability in the eap-mschapv2 plugin was fixed that enabled malicious clients to trick the server into concluding the EAP-MSCHAPv2 authentication successfully without providing valid credentials, actually, without providing any credentials at all. It was caused by insufficient verification of the internal state when handling EAP-MSCHAPv2 Success messages from clients. All versions since 4.2.12 are affected.
More information is provided in a separate blog entry.
The new sha3 plugin implements the SHA-3 Keccak-F1600 hash algorithm family. Within the strongSwan framework SHA-3 is currently used for BLISS signatures only because the OIDs for other signature algorithms haven't been defined yet. Also, the use of SHA-3 for IKEv2 has not been standardized yet.
When EAP-Identities are used a client is known under that identity (not its IKE identity) for uniqueness checks or accounting. With EAP-MACHAPv2, as implemented by our eap-mschapv2 plugin, there was no direct relationship between the username used to find a password and the EAP-Identity from the previous exchange. This has now been changed and the EAP-MSCHAPv2 username replaces the EAP-Identity so the clients are afterwards known under that verified identity.
Handling of IKEv1 Phase 2 messages (Quick Mode, Informational) has been improved. For instance, the handling of overlapping third Quick Mode messages (#1076, was partially fixed with 5.3.3, #1128), or Informational or Quick Mode messages that arrive before the last Aggressive Mode Phase 1 message (#1130), or third Quick Mode messages that trigger the retransmission detection (#1198).
NAT information for IKE_SAs is reported via VICI: Whether there was any NAT detected, whether the local or remote hosts appear to be behind a NAT and whether the server faked a NAT situation when no NAT was actually detected. Also reported are the received and sent virtual IPs. IP address leases are now optionally returned when querying IP address pools defined via VICI.