FIPS oCM Vulnerability

  • Author: Sierra Wireless

This article provides details on a vulnerability discovered on the oCM.
A vulnerability has been identified in the strongSwan OpenSSL libraries used on the oCM.

When using the OpenSSL plugin for ECDSA signature verification, remote attackers can authenticate as other users via an invalid signature.

More information about this issue can be found at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2944.

This problem is limited to oCM V1.4 FIPS-compliant installations and does not affect standard oCM deployments.

A solution for this issue has been provided by strongSwan, and In Motion will include this update in the next release of oCM FIPS software.
