CVSS2 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |

EPSS Percentile: 77.1%

The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2
plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly
validate local state, which allows remote attackers to bypass
authentication via an empty Success message in response to an initial
Challenge message.
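
The missing state validation described above can be modelled in a few lines of C. This is an added example, not strongSwan's code: it puts a handler that never consults its own state next to one that accepts each message only in the state that expects it. The state names, `struct msg`, and the `nt_response_ok` flag standing in for NT-Response verification are assumptions made for this model.

```c
#include <stdbool.h>
#include <stdio.h>

/* MS-CHAPv2 opcodes carried inside EAP-MSCHAPv2 packets. */
enum opcode { OP_CHALLENGE = 1, OP_RESPONSE = 2, OP_SUCCESS = 3, OP_FAILURE = 4 };
enum state { ST_CHALLENGE_SENT, ST_SUCCESS_SENT, ST_DONE, ST_FAILED }; /* assumed names */
/* One peer message; nt_response_ok stands in for NT-Response verification. */
struct msg { enum opcode op; bool nt_response_ok; };
typedef enum state (*next_fn)(enum state, struct msg);

/* Flawed handler: the current state is never consulted. */
static enum state next_unchecked(enum state st, struct msg m)
{
    (void)st;
    if (m.op == OP_RESPONSE)
        return m.nt_response_ok ? ST_SUCCESS_SENT : ST_FAILED;
    return m.op == OP_SUCCESS ? ST_DONE : ST_FAILED;
}

/* Hardened handler: each message is accepted only in the state that expects it. */
static enum state next_checked(enum state st, struct msg m)
{
    if (st == ST_CHALLENGE_SENT && m.op == OP_RESPONSE && m.nt_response_ok)
        return ST_SUCCESS_SENT;   /* server would now send its own Success */
    if (st == ST_SUCCESS_SENT && m.op == OP_SUCCESS)
        return ST_DONE;
    return ST_FAILED;
}

/* Run peer messages through a handler, starting just after the initial Challenge. */
static bool authenticated(next_fn next, const struct msg *msgs, int n)
{
    enum state st = ST_CHALLENGE_SENT;
    for (int i = 0; i < n && st != ST_DONE && st != ST_FAILED; i++)
        st = next(st, msgs[i]);
    return st == ST_DONE;
}

int main(void)
{
    /* Constructed inputs: a normal exchange, and a Success sent straight after the Challenge. */
    const struct msg normal[] = { { OP_RESPONSE, true }, { OP_SUCCESS, false } };
    const struct msg early[] = { { OP_SUCCESS, false } };
    printf("normal: unchecked=%d checked=%d\n",
           authenticated(next_unchecked, normal, 2), authenticated(next_checked, normal, 2));
    printf("early Success: unchecked=%d checked=%d\n",
           authenticated(next_unchecked, early, 1), authenticated(next_checked, early, 1));
    return 0;
}
```
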

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | strongswan | < 5.1.2-0ubuntu2.4 | UNKNOWN |
ubuntu | 15.04 | noarch | strongswan | < 5.1.2-0ubuntu5.3 | UNKNOWN |
ubuntu | 15.10 | noarch | strongswan | < 5.1.2-0ubuntu6.2 | UNKNOWN |
ubuntu | 16.04 | noarch | strongswan | < 5.1.2-0ubuntu7 | UNKNOWN |
ubuntu | 16.10 | noarch | strongswan | < 5.1.2-0ubuntu7 | UNKNOWN |
ubuntu | 17.04 | noarch | strongswan | < 5.1.2-0ubuntu7 | UNKNOWN |