Wind River Support Network

HomeDefectsLIN8-1903
Fixed

LIN8-1903 : Security Advisory - strongswan - CVE-2015-8023

Created: Nov 29, 2015    Updated: Dec 3, 2018
Resolved Date: Jan 24, 2016
Previous ID: LIN7-5206
Found In Version: 8.0
Fix Version: 8.0.0.2
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8023

Other Downloads

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube