Lucene search
MitreCVELIST:CVE-2015-8023HistoryNov 18, 2015 - 4:00 p.m.
CVE-2015-8023
2015-11-1816:00:00
mitre
www.cve.org
3
The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.
References
lists.opensuse.org/opensuse-security-announce/2015-12/msg00025.html
lists.opensuse.org/opensuse-updates/2015-11/msg00139.html
www.debian.org/security/2015/dsa-3398
www.securityfocus.com/bid/84947
www.ubuntu.com/usn/USN-2811-1
www.strongswan.org/blog/2015/11/16/strongswan-vulnerability-%28cve-2015-8023%29.html
Related
nessus
nessus
SUSE SLED11 / SLES11 Security Update : strongswan (SUSE-SU-2015:2186-1)
2015-12-04 00:00:00
Ubuntu 14.04 LTS : strongSwan vulnerability (USN-2811-1)
2015-11-17 00:00:00
openSUSE Security Update : strongswan (openSUSE-2015-810)
2015-11-30 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-345-1)
2023-03-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:2183-1)
2021-04-19 00:00:00
Debian Security Advisory DSA 3398-1 (strongswan - security update)
2015-11-16 00:00:00
prion
prion
Authentication flaw
2015-11-18 16:59:00
ubuntucve
ubuntucve
CVE-2015-8023
2015-11-16 00:00:00
nvd
nvd
CVE-2015-8023
2015-11-18 16:59:07
suse
suse
Security update for strongswan (important)
2015-12-21 23:10:52
debian
debian
[SECURITY] [DSA 3398-1] strongswan security update
2015-11-16 13:14:07
[SECURITY] [DLA 345-1] strongswan security update
2015-11-19 12:46:30
cve
cve
CVE-2015-8023
2015-11-18 16:59:07
ibm
ibm
debiancve
debiancve
CVE-2015-8023
2015-11-18 16:59:07
freebsd
freebsd
strongswan -- authentication bypass vulnerability in the eap-mschapv2 plugin
2015-11-16 00:00:00
ubuntu
ubuntu
strongSwan vulnerability
2015-11-16 00:00:00
osv
osv
strongswan-5.3.5-1.1 on GA media
2024-06-15 00:00:00