Wind River Support Network

HomeDefectsLIN6-10575
Fixed

LIN6-10575 : Security Advisory - strongswan - CVE-2015-8023

Created: Nov 29, 2015    Updated: Dec 3, 2018
Resolved Date: Jan 19, 2016
Found In Version: 6.0.0.26
Fix Version: 6.0.0.28
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8023

Other Downloads


Live chat
Online