FIPS oCM Vulnerability

Sep 08, 2015 - Author: Sierra Wireless - 559 Views
A vulnerability in the Stronswan Open SSL libraries used on the oCM, has been identified.

When using the OpenSSL plugin for ECDSA signature verification, remote attackers can authenticate as other users via an invalid signature.

More information about this issue can be found at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2944.

This problem is limited to oCM V1.4 FIPS compliant installations only and does not affect standard oCM deployments.

A solution for this issue has been provided by Strongswan and In Motion will include this update in the next release of oCM FIPS software.
©2017 Sierra Wireless. All rights reserved.
×
Get updates on this product
You have been successfully subscribed to this product. To access your subscription click here.
You have been successfully unsubscribed to this product. To access your subscription click here.