OpenBSD isakmpd contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when neither the Internet Key Exchange (IKE) daemon nor the initiator applies payload encryption during a Phase 2 exchange, also known as a Quick Mode exchange. This discloses encryption keys, resulting in a loss of confidentiality.
Remote / Network Access
Loss of Confidentiality
Upgrade to version 3.5 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: download message.c version 1.62 or higher from the OpenBSD CVS repository and rebuild isakmpd.
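
The condition described above, a Quick Mode message sent without payload encryption, is visible in the fixed ISAKMP header: exchange type 32 with the encryption bit (0x01) of the flags octet clear. The following C check is an added example for monitoring or input validation, not isakmpd code and not the message.c fix; the function names, verdict enum and sample packets are constructed for illustration, and it assumes a raw ISAKMP datagram as carried on UDP port 500.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ISAKMP_HDR_LEN    28    /* fixed header size (RFC 2408) */
#define ISAKMP_EXCH_QUICK 32    /* Quick Mode exchange type (RFC 2409) */
#define ISAKMP_FLAG_ENC   0x01  /* E(ncryption) bit in the flags octet */

enum qm_verdict { QM_OK, QM_NOT_QUICK_MODE, QM_TRUNCATED, QM_BAD_LENGTH, QM_CLEARTEXT };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Hypothetical helper: classify one raw ISAKMP datagram. */
enum qm_verdict check_quick_mode(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < ISAKMP_HDR_LEN)
        return QM_TRUNCATED;
    uint32_t total = be32(pkt + 24);        /* length covers header + payloads */
    if (total < ISAKMP_HDR_LEN || total > len)
        return QM_BAD_LENGTH;
    if (pkt[18] != ISAKMP_EXCH_QUICK)       /* offset 18: exchange type */
        return QM_NOT_QUICK_MODE;
    if ((pkt[19] & ISAKMP_FLAG_ENC) == 0)   /* offset 19: flags */
        return QM_CLEARTEXT;                /* Phase 2 payloads sent in the clear */
    return QM_OK;
}

/* Constructed sample message: header plus `body` zero bytes of payload. */
size_t make_sample(uint8_t *buf, size_t cap, uint8_t exch, uint8_t flags, uint32_t body)
{
    size_t total = (size_t)ISAKMP_HDR_LEN + body;
    if (cap < total)
        return 0;
    memset(buf, 0, total);
    memset(buf, 0xA5, 16);                  /* constructed initiator/responder cookies */
    buf[16] = 8;  buf[17] = 0x10;           /* next payload HASH, version 1.0 */
    buf[18] = exch; buf[19] = flags;
    buf[23] = 1;                            /* non-zero Phase 2 message ID */
    buf[24] = (uint8_t)(total >> 24); buf[25] = (uint8_t)(total >> 16);
    buf[26] = (uint8_t)(total >> 8);  buf[27] = (uint8_t)total;
    return total;
}

int main(void)
{
    uint8_t b[64];
    size_t n = make_sample(b, sizeof b, ISAKMP_EXCH_QUICK, 0x00, 16);
    printf("cleartext Quick Mode verdict: %d\n", check_quick_mode(b, n));
    return 0;
}
```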