The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2015-11-18T16:00:00
Updated: 2024-08-06T08:06:31.575Z
Reserved: 2015-10-29T00:00:00
Link: CVE-2015-8023
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-11-18T16:59:07.587
Modified: 2024-11-21T02:37:51.770
Link: CVE-2015-8023
Redhat