Wind River Support Network

HomeDefectsLIN7-5178
Fixed

LIN7-5178 : Security Advisory - strongswan - CVE-2015-8023

Created: Nov 29, 2015    Updated: Sep 8, 2018
Resolved Date: Jan 18, 2016
Found In Version: 7.0.0.11
Fix Version: 7.0.0.13
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace

Description

The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8023

Other Downloads


CVEs


Live chat
Online