PT-2023-1433 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to the implementation of the Protected Extensible Authentication Protocol PEAP in Windows operating systems, which is associated with insufficient input validation. Thi...

KB5022893: Windows Server 2008 Security Update (February 2023)

The remote Windows host is missing security update 5022893. It is, therefore, affected by multiple vulnerabilities - Windows iSCSI Discovery Service Remote Code Execution Vulnerability CVE-2023-21803 - Microsoft PostScript Printer Driver Remote Code Execution Vulnerability CVE-2023-21684,...

Wireshark 安全漏洞

Wireshark is a network packet analyzer. A security vulnerability exists in Wireshark EAP dissector, which can be exploited by remote attackers to submit a special request that can crash the application...

PT-2023-16252 · Wireshark +3 · Wireshark +3

Name of the Vulnerable Software and Affected Versions: Wireshark versions 4.0.0 through 4.0.2 Description: The issue is related to a crash in the EAP dissector, allowing denial of service via packet injection or crafted capture file. Recommendations: For Wireshark versions 4.0.0 through 4.0.2,...

ALPINE-CVE-2022-41860

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...

DEBIAN-CVE-2022-41859

In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...

UBUNTU-CVE-2022-41859

In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...

The vulnerability of the EAP-pwd client implementation for Wi-Fi WPA Supplicant allows information disclosure due to incompatibility, enabling attackers to expose sensitive information.

The vulnerability of the EAP-pwd client implementation for Wi-Fi WPA Supplicant is related to the disclosure of information due to incompatibility. This vulnerability allows a malicious actor to disclose the protected information remotely...

OESA-2022-2068 strongswan security update

The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel. Security Fixes: In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually...

KB5014990: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2008 SP2

KB5014990: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2008 SP2 Summary This update includes improvements for the following issue: Addresses a known issue that might cause authentication failures for some services on a serv...

KB5014986: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2012 R2

KB5014986: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2012 R2 Summary This update includes improvements for the following issue: Addresses a known issue that might cause authentication failures for some services on a serve...

May 19, 2022—KB5015018 (OS Build 17763.2931) Out-of-band

May 19, 2022—KB5015018 OS Build 17763.2931 Out-of-band Note: To improve the information presented in the history pages and related KBs and make them more useful to our customers, we have created an anonymous survey for you to share your comments and feedback. 11/17/20 For information about Window...

May 19, 2022—KB5015019 (OS Build 14393.5127) Out-of-band

May 19, 2022—KB5015019 OS Build 14393.5127 Out-of-band Note: To improve the information presented in the history pages and related KBs and make them more useful to our customers, we have created an anonymous survey for you to share your comments and feedback. 11/19/20 For information about Window...

Fixed vulnerability in Wi-Fi SAE and EAP-wd implementations

A vulnerability has been fixed in implementations of the Simultaneous Authentication of Equals SAE and Extensible-Authentication-Protocol-EAP EAP-wd that are used in hostapd and wpasupplicant. The vulnerability enables a malicious party with the ability to execute code on the system to gain acces...

The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.

...

USN-5250-1 strongswan vulnerability

Zhuowei Zhang discovered that stringSwan incorrectly handled EAP authentication. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly bypass client and server authentication...

AZL-7748 CVE-2022-23304 affecting package wpa_supplicant for versions less than 2.10-1

The implementations of EAP-pwd in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495...

ALPINE-CVE-2022-23304

The implementations of EAP-pwd in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495...

EAP-pwd 加密问题漏洞

EAP-pwd is an EAP authentication method that uses a shared password for authentication. A cryptographic issue vulnerability exists in EAP-pwd that stems from a cache access mode error in the hostapd and wpa supplicant components of the product. An attacker could use this vulnerability to launch a...

Critical Juniper Bug Allows DoS, RCE Against Carrier Networks

A critical remote code-execution vulnerability in Juniper Networks’ Steel-Belted Radius SBR Carrier Edition lays open wireless carrier and fixed operator networks to tampering. The SBR Carrier server is used by telecom carriers to manage policies for how subscribers access their networks – by...