OVAL

DSA-2903-1 strongswan -- strongswan

ID: oval:org.secpod.oval:def:601265
Date: (C)2014-07-25   (M)2022-10-10
Class: PATCH
Family: unix

An authentication bypass vulnerability was found in charon, the daemon handling IKEv2 in strongSwan, an IKE/IPsec suite. The state machine handling the security association handled some state transitions incorrectly. An attacker can trigger the vulnerability by rekeying an unestablished IKE_SA during the initiation itself. This tricks the IKE_SA state into "established" without the need to provide any valid credential. Vulnerable setups include those actively initiating an IKEv2 IKE_SA, and the vulnerability can also be triggered during re-authentication. Installations using IKEv1 are not affected.

Platform:
Debian 7.0
Debian 6.0
Product:
strongswan
Reference:
DSA-2903-1
CVE-2014-2338
CVE (1):
CVE-2014-2338
CPE (60):
cpe:/a:strongswan:strongswan:4.1.8
cpe:/a:strongswan:strongswan:4.3.6
cpe:/a:strongswan:strongswan:4.1.7
cpe:/a:strongswan:strongswan:4.3.5
...

© SecPod Technologies