Home CVE Database CVE-2015-8023

CVE-2015-8023

Description

The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.

Priority: Medium
CVSS v3: 0.0
Publish Date: Nov 18, 2015
Related ID: --
CVSS v2: 5.0
Modified Date: Nov 24, 2015

Find out more about CVE-2015-8023 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

strongswan

Live chat
Online