<!doctype html>
<html lang=en>
<meta charset=utf-8>
<title>OpenIKED Security</title>
<meta name="description" content="OpenIKED advisories">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openiked.org/security.html">
<h2 id=OpenBSD>
<a href="/">
<i>Open</i><b>IKED</b></a>
Security
</h2>
<hr>
<p>
OpenIKED is developed with the same rigorous security process that the
OpenBSD group is famous for. If you wish to report a security issue in
OpenIKED, please contact the OpenBSD project.
For more information, see the
<a href="https://www.openbsd.org/security.html#reporting">OpenBSD Security page</a>.
<ul>
<li><p><b>July 27, 2020</b><br>
All versions of OpenIKED in OpenBSD through 6.7 were vulnerable to an
authentication bypass due to incorrect use of the EVP_PKEY_cmp() function.
<p>
For more information, see
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.7/common/014_iked.patch.sig">the OpenBSD source code patch</a>.
<br>
This bug is corrected in OpenBSD's current and stable branches. Binary updates
for OpenBSD 6.6 and OpenBSD 6.7 can be obtained with the
<a href=https://man.openbsd.org/syspatch>syspatch(8)</a> utility.
</ul>
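<p>
The return-value pitfall behind this class of bug, shown as an added example that is not OpenIKED's code and not taken from the patch. EVP_PKEY_cmp() is documented to return 1 when the keys match, 0 when they differ, -1 for different key types and -2 when the comparison is not supported, so only an explicit comparison with 1 means "same key". The <code>model_key</code> type, the <code>k_*</code> sample keys and <code>model_pkey_cmp()</code> are hypothetical stand-ins that follow that convention so the program builds without OpenSSL; the page does not say which incorrect check iked used.

```c
/* Added illustration, not OpenIKED or OpenSSL source. model_pkey_cmp() is a
 * hypothetical stand-in with the documented EVP_PKEY_cmp() return convention:
 * 1 = match, 0 = mismatch, -1 = different key types, -2 = not supported. */
#include <stdio.h>
#include <string.h>

enum key_type { KT_RSA, KT_EC, KT_OPAQUE };
typedef struct { enum key_type type; unsigned char pub[4]; } model_key;

/* Constructed sample keys. */
const model_key k_local  = { KT_RSA,    {1, 2, 3, 4} };
const model_key k_same   = { KT_RSA,    {1, 2, 3, 4} };
const model_key k_other  = { KT_RSA,    {9, 9, 9, 9} };
const model_key k_ec     = { KT_EC,     {1, 2, 3, 4} };
const model_key k_opaque = { KT_OPAQUE, {1, 2, 3, 4} };

int model_pkey_cmp(const model_key *a, const model_key *b)
{
	if (a->type != b->type) return -1;      /* different key types */
	if (a->type == KT_OPAQUE) return -2;    /* no comparison method */
	return memcmp(a->pub, b->pub, sizeof(a->pub)) == 0;
}

/* Wrong: memcmp()-style "0 means equal". Accepts a mismatched key. */
int accept_memcmp_style(const model_key *peer, const model_key *local)
{
	return model_pkey_cmp(peer, local) == 0;
}

/* Wrong: truthiness test. Accepts the -1 and -2 error returns. */
int accept_truthy(const model_key *peer, const model_key *local)
{
	return model_pkey_cmp(peer, local) != 0;
}

/* Correct: only an explicit 1 authenticates the peer key. */
int accept_strict(const model_key *peer, const model_key *local)
{
	return model_pkey_cmp(peer, local) == 1;
}

int main(void)
{
	const model_key *pair[][2] = { { &k_same, &k_local }, { &k_other, &k_local },
	    { &k_ec, &k_local }, { &k_opaque, &k_opaque } };
	for (int i = 0; i < 4; i++)
		printf("cmp=%2d memcmp-style=%d truthy=%d strict=%d\n",
		    model_pkey_cmp(pair[i][0], pair[i][1]), accept_memcmp_style(pair[i][0], pair[i][1]),
		    accept_truthy(pair[i][0], pair[i][1]), accept_strict(pair[i][0], pair[i][1]));
	return 0;
}
```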