FIPS oCM Vulnerability

Sep 08, 2015 - Author: Sierra Wireless - 3515 Views
A vulnerability in the Stronswan Open SSL libraries used on the oCM, has been identified.

When using the OpenSSL plugin for ECDSA signature verification, remote attackers can authenticate as other users via an invalid signature.

More information about this issue can be found at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2944.

This problem is limited to oCM V1.4 FIPS compliant installations only and does not affect standard oCM deployments.

A solution for this issue has been provided by Strongswan and In Motion will include this update in the next release of oCM FIPS software.
©2025 All rights reserved
×
You have been successfully unsubscribed to this product. To access your subscription click here.