Wind River Support Network


LIN6-10575 : Security Advisory - strongswan - CVE-2015-8023

Created: Nov 29, 2015    Updated: Dec 3, 2018
Resolved Date: Jan 19, 2016
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace


The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.

Other Downloads

Live chat