CVE-2015-8023

2015-11-18T11:59:07
ID CVE-2015-8023
Type cve
Reporter NVD
Modified 2018-08-13T17:47:53

Description

The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.