Home CVE Database CVE-2015-8023



The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.

Priority: Medium
CVSS v3: 0.0
Publish Date: Nov 18, 2015
Related ID: --
CVSS v2: 5.0
Modified Date: Nov 24, 2015

Find out more about CVE-2015-8023 from the MITRE-CVE dictionary and NIST NVD

Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --



Live chat