Libreswan · Libreswan · CVE-2024-2357
**Name of the Vulnerable Software and Affected Versions**
libreswan versions prior to 4.14
**Description**
Under some IKEv2 retransmit scenarios, libreswan restarts when a connection is configured to use pre-shared keys (authby=secret) and no matching configured secret can be found. Because the daemon crashes repeatedly, this results in a Denial of Service, especially when such a connection is added automatically at startup via the auto= keyword. The defect lies in the handling of pre-shared keys when building the AUTH payload of the IKE_AUTH exchange, and a remote attacker can trigger it to cause a Denial of Service.
**Recommendations**
For versions prior to 4.14, upgrade to version 4.14 to resolve the issue. As a temporary workaround, do not use pre-shared keys (authby=secret) on connections for which no matching secret is configured, or do not load such connections automatically at startup with the auto= keyword. Restrict who can create or edit `authby=secret` connections to minimize the exposure.
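The workaround above amounts to a configuration audit: every `authby=secret` connection that is loaded at startup must have a matching secret, otherwise the retransmit path described can crash the daemon. The following script is an added example and is not part of libreswan; it parses a constructed `ipsec.conf` and `ipsec.secrets` pair and flags connections that use `authby=secret`, are loaded via `auto=`, and have no PSK entry covering their endpoints. The function names, the sample configuration values and the secret-matching rule (a simplified approximation of libreswan's lookup: an entry with no index or with `%any` matches any peer, otherwise both endpoint IDs must be listed) are assumptions for this example.

```python
"""Hypothetical audit helper (not libreswan code): find startup-loaded
authby=secret connections that have no matching PSK entry."""
from typing import Dict, List

# auto= values that make pluto load the conn at startup (add/route/ondemand/start)
STARTUP_AUTO_VALUES = {"add", "start", "ondemand", "route"}

# Constructed sample ipsec.conf (not taken from any real system)
SAMPLE_IPSEC_CONF = """\
config setup
    logfile=/var/log/pluto.log

conn hq-to-branch
    left=192.0.2.1
    right=198.51.100.7
    authby=secret
    auto=start

conn roadwarrior
    left=192.0.2.1
    right=%any
    authby=secret
    auto=add

conn certs-only
    left=192.0.2.1
    right=203.0.113.9
    authby=rsasig
    auto=add
"""

# Constructed sample ipsec.secrets: only the site-to-site pair has a PSK
SAMPLE_IPSEC_SECRETS = """\
# constructed sample secrets file
192.0.2.1 198.51.100.7 : PSK "example-psk-value"
"""


def parse_ipsec_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Return {conn_name: {key: value}} for every 'conn' section.
    Simplified parser: no include=, also=, or %default merging."""
    conns: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():  # unindented line = section header
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
            continue
        if current is None:  # inside 'config setup', not a conn
            continue
        key, sep, value = line.strip().partition("=")
        if sep:
            current[key.strip()] = value.strip()
    return conns


def parse_ipsec_secrets(text: str) -> List[List[str]]:
    """Return the ID list of every PSK entry; an empty list means the entry
    has no index and therefore applies to any peer."""
    entries: List[List[str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        ids, _, rhs = line.partition(":")
        if rhs.strip().upper().startswith("PSK"):
            entries.append(ids.split())
    return entries


def conn_ids(conn: Dict[str, str]) -> List[str]:
    """Endpoint IDs used for the secret lookup: leftid/rightid, else left/right."""
    return [conn.get("leftid", conn.get("left", "%any")),
            conn.get("rightid", conn.get("right", "%any"))]


def secret_covers(entry: List[str], ids: List[str]) -> bool:
    """Simplified matching rule (assumption): a wildcard entry covers everyone;
    otherwise both IDs must be listed, and a conn whose own endpoint is %any
    needs a wildcard entry."""
    if not entry or "%any" in entry:
        return True
    return all(i != "%any" and i in entry for i in ids)


def find_missing_psk(conf_text: str, secrets_text: str) -> List[str]:
    """Names of conns with authby=secret, loaded via auto=, lacking a PSK."""
    entries = parse_ipsec_secrets(secrets_text)
    flagged = []
    for name, conn in parse_ipsec_conf(conf_text).items():
        if conn.get("authby") != "secret":
            continue
        if conn.get("auto", "ignore") not in STARTUP_AUTO_VALUES:
            continue
        if not any(secret_covers(e, conn_ids(conn)) for e in entries):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for name in find_missing_psk(SAMPLE_IPSEC_CONF, SAMPLE_IPSEC_SECRETS):
        print(f"conn {name}: authby=secret with auto= but no matching PSK entry")
```

On the sample input only `roadwarrior` is reported: its peer is `%any`, so the single site-to-site PSK line does not cover it and, on an affected version, an IKE_AUTH retransmit from an unknown peer would hit the crashing path. Adding a wildcard entry (or switching the connection off `authby=secret`, as the workaround suggests) clears the finding.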