CVE-2026-25998
strongMan vulnerable to private credential recovery due to key and counter reuse
strongMan is a management interface for strongSwan, an OpenSource IPsec-based VPN. When storing credentials in the database (private keys, EAP secrets), strongMan encrypts the corresponding database fields. So far it used AES in CTR mode with a global database key. Together with an initialization vector (IV), a key stream is generated to encrypt the data in the database fields. But because strongMan did not generate individual IVs, every database field was encrypted using the same key stream. An attacker that has access to the database can use this to recover the encrypted credentials. In particular, because certificates, which have to be considered public information, are also encrypted using the same mechanism, an attacker can directly recover a large chunk of the key stream, which allows them to decrypt basically all other secrets especially ECDSA private keys and EAP secrets, which are usually a lot shorter. Version 0.2.0 fixes the issue by switching to AES-GCM-SIV encryption with a random nonce and an individually derived encryption key, using HKDF, for each encrypted value. Database migrations are provided to automatically re-encrypt all credentials.
| CWE | CWE-323 CWE-1204 |
| Vendor | strongswan |
| Product | strongman |
| Published | Feb 19, 2026 |
| Last Updated | Feb 20, 2026 |
Get instant alerts for strongswan strongman
Be the first to know when new unknown vulnerabilities affecting strongswan strongman are published โ delivered to Slack, Telegram or Discord.