CVE 8.7 HIGH

strongMan vulnerable to private credential recovery due to key and counter reuse_CVE-2026-25998

February 19, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

strongMan is a management interface for strongSwan, an OpenSource IPsec-based VPN. When storing credentials in the database (private keys, EAP secrets), strongMan encrypts the corresponding database fields. So far it used AES in CTR mode with a global database key. Together with an initialization vector (IV), a key stream is generated to encrypt the data in the database fields. But because strongMan did not generate individual IVs, every database field was encrypted using the same key stream. An attacker that has access to the database can use this to recover the encrypted credentials. In particular, because certificates, which have to be considered public information, are also encrypted using the same mechanism, an attacker can directly recover a large chunk of the key stream, which allows them to decrypt basically all other secrets especially ECDSA private keys and EAP secrets, which are usually a lot shorter. Version 0.2.0 fixes the issue by switching to AES-GCM-SIV encryption with a random nonce and an individually derived encryption key, using HKDF, for each encrypted value. Database migrations are provided to automatically re-encrypt all credentials.

AI Analysis

strongMan is vulnerable to private credential recovery due to key and counter reuse, allowing an attacker to decrypt sensitive information.

Basic Information

ID CVE-2026-25998

Source GitHub_M

Published Feb 19, 2026 at 15:51

Modified Feb 19, 2026 at 15:53

Affected Product

Vendor strongswan

Product strongMan

Version < 0.2.0

Affected Versions strongswan strongMan < 0.2.0

CWE Classification

CWE-323 CWE-1204

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor strongSwan

Product strongMan

Version < 0.2.0

References

github.com /strongswan/strongMan/security/advisories/GHSA-88w4-jv97-c8xr

{
    "lastseen": "",
    "description": "strongMan is a management interface for strongSwan, an OpenSource IPsec-based VPN. When storing credentials in the database (private keys, EAP secrets), strongMan encrypts the corresponding database fields. So far it used AES in CTR mode with a global database key. Together with an initialization vector (IV), a key stream is generated to encrypt the data in the database fields. But because strongMan did not generate individual IVs, every database field was encrypted using the same key stream. An attacker that has access to the database can use this to recover the encrypted credentials. In particular, because certificates, which have to be considered public information, are also encrypted using the same mechanism, an attacker can directly recover a large chunk of the key stream, which allows them to decrypt basically all other secrets especially ECDSA private keys and EAP secrets, which are usually a lot shorter. Version 0.2.0 fixes the issue by switching to AES-GCM-SIV encryption with a random nonce and an individually derived encryption key, using HKDF, for each encrypted value. Database migrations are provided to automatically re-encrypt all credentials.",
    "published": "2026-02-19T15:51:35.349Z",
    "modified": "2026-02-19T15:53:30.113Z",
    "type": "cve",
    "title": "strongMan vulnerable to private credential recovery due to key and counter reuse",
    "source": "GitHub_M",
    "references": "https://github.com/strongswan/strongMan/security/advisories/GHSA-88w4-jv97-c8xr",
    "id": "CVE-2026-25998",
    "bulletinFamily": "",
    "cwe": [
        "CWE-323",
        "CWE-1204"
    ],
    "cvelist": null,
    "sourceData": "strongswan strongMan < 0.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "strongMan",
    "version": "< 0.2.0",
    "vendor": "strongswan",
    "ai_description": "strongMan is vulnerable to private credential recovery due to key and counter reuse, allowing an attacker to decrypt sensitive information.",
    "ai_severity": "High",
    "ai_vendor": "strongSwan",
    "ai_product": "strongMan",
    "ai_version": "< 0.2.0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply