Unrated severityNVD Advisory· Published Dec 6, 2004· Updated Apr 16, 2026

CVE-2004-0590

Description

FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject.

Affected products

Frees Wan/Frees Wan2 versions
cpe:2.3:a:frees_wan:frees_wan:1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:frees_wan:frees_wan:1:*:*:*:*:*:*:*
- cpe:2.3:a:frees_wan:frees_wan:2:*:*:*:*:*:*:*
Frees Wan/Super Frees Wan
cpe:2.3:a:frees_wan:super_frees_wan:1:*:*:*:*:*:*:*
Xelerance/Openswan2 versions
cpe:2.3:a:openswan:openswan:1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:openswan:openswan:1:*:*:*:*:*:*:*
- cpe:2.3:a:openswan:openswan:2:*:*:*:*:*:*:*
Strongswan/Strongswan
cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*
Range: <=2.1.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/glsa-200406-20.xmlnvdPatchVendor Advisory
www.mandrakesecure.net/en/advisories/advisory.phpnvdPatchVendor Advisory
www.openswan.org/support/vuln/can-2004-0590/nvdPatchVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/16515nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000