CVE-2023-21689

Microsoft Protected Extensible Authentication Protocol PEAP Remote Code Execution Vulnerability...

KLA20233 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, cause denial of service. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in...

Microsoft Windows Protected EAP 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Windows Protected EAP PEAP. The following products and editions are affected:Windows Server 2016 Server Core...

Microsoft Windows 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Windows Protected EAP PEAP. The following products and versions are affected: Windows 10 Version 20H2 for 32-bit...

PT-2023-1448 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows affected versions not specified Description: The issue is related to the implementation of the Protected Extensible Authentication Protocol PEAP in Windows operating systems, which is associated with insufficient input...

KB5022845: Windows 11 Security Update (February 2023)

The remote Windows host is missing security update 5022845. It is, therefore, affected by multiple vulnerabilities - Microsoft PostScript Printer Driver Remote Code Execution Vulnerability CVE-2023-21684, CVE-2023-21801 - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution...

KB5022893: Windows Server 2008 Security Update (February 2023)

The remote Windows host is missing security update 5022893. It is, therefore, affected by multiple vulnerabilities - Windows iSCSI Discovery Service Remote Code Execution Vulnerability CVE-2023-21803 - Microsoft PostScript Printer Driver Remote Code Execution Vulnerability CVE-2023-21684,...

Wireshark 安全漏洞

Wireshark is a network packet analyzer. A security vulnerability exists in Wireshark EAP dissector, which can be exploited by remote attackers to submit a special request that can crash the application...

PT-2023-16252 · Wireshark +3 · Wireshark +3

Name of the Vulnerable Software and Affected Versions: Wireshark versions 4.0.0 through 4.0.2 Description: The issue is related to a crash in the EAP dissector, allowing denial of service via packet injection or crafted capture file. Recommendations: For Wireshark versions 4.0.0 through 4.0.2,...

ALPINE-CVE-2022-41860

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...

DEBIAN-CVE-2022-41859

In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...

May 19, 2022—KB5015018 (OS Build 17763.2931) Out-of-band

May 19, 2022—KB5015018 OS Build 17763.2931 Out-of-band Note: To improve the information presented in the history pages and related KBs and make them more useful to our customers, we have created an anonymous survey for you to share your comments and feedback. 11/17/20 For information about Window...

May 19, 2022—KB5015019 (OS Build 14393.5127) Out-of-band

May 19, 2022—KB5015019 OS Build 14393.5127 Out-of-band Note: To improve the information presented in the history pages and related KBs and make them more useful to our customers, we have created an anonymous survey for you to share your comments and feedback. 11/19/20 For information about Window...

KB5014990: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2008 SP2

KB5014990: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2008 SP2 Summary This update includes improvements for the following issue: Addresses a known issue that might cause authentication failures for some services on a serv...

KB5014986: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2012 R2

KB5014986: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2012 R2 Summary This update includes improvements for the following issue: Addresses a known issue that might cause authentication failures for some services on a serve...

Fixed vulnerability in Wi-Fi SAE and EAP-wd implementations

A vulnerability has been fixed in implementations of the Simultaneous Authentication of Equals SAE and Extensible-Authentication-Protocol-EAP EAP-wd that are used in hostapd and wpasupplicant. The vulnerability enables a malicious party with the ability to execute code on the system to gain acces...

The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.

...

USN-5250-1 strongswan vulnerability

Zhuowei Zhang discovered that stringSwan incorrectly handled EAP authentication. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly bypass client and server authentication...

ALPINE-CVE-2022-23304

The implementations of EAP-pwd in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495...

EAP-pwd 加密问题漏洞

EAP-pwd is an EAP authentication method that uses a shared password for authentication. A cryptographic issue vulnerability exists in EAP-pwd that stems from a cache access mode error in the hostapd and wpa supplicant components of the product. An attacker could use this vulnerability to launch a...