An authentication bypass issue was discovered by the Codenomicon CROSS project in strongSwan, an IPsec-based VPN solution. When using RSA-based setups, a missing check in the gmp plugin could allow an attacker presenting a forged signature to successfully authenticate against a strongSwan responder. The default configuration in Debian does not use the gmp plugin for RSA operations but rather the OpenSSL plugin, so the packages as shipped by Debian are not vulnerable.