53 matches found
EUVD-2021-17717
Malware in sbrugna...
Azure Linux 3.0 Security Update: wpa_supplicant (CVE-2023-52160)
The version of wpa_supplicant installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-52160 advisory. - The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successf...
RHEL 8 : wpa_supplicant (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wpa_supplicant: SAE side channel attacks as a result of cache access patterns CVE-2022-23303 - The...
RHEL 7 : wpa_supplicant (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wpa_supplicant: local configuration update allows privilege escalation CVE-2016-4477 - wpa_supplicant: P2P...
CentOS 9 : wpa_supplicant-2.10-5.el9
The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the wpa_supplicant-2.10-5.el9 build changelog. - The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be...
Improper Authentication
wpa_supplicant is vulnerable to the Improper Authentication vulnerability. The vulnerability arises because wpa_supplicant can be configured to skip TLS certificate verification during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be exploited to bypass Phase 2 authentication...
Fedora 38 : wpa_supplicant (2024-36d2be00d0)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-36d2be00d0 advisory. backport fix for PEAP client CVE-2023-52160 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
MGASA-2024-0053 Updated wpa_supplicant packages fix security vulnerabilities
The updated packages fix a security vulnerability: The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt...
Updated wpa_supplicant packages fix security vulnerabilities
The updated packages fix a security vulnerability: The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt...
Amazon Linux 2 : wpa_supplicant (ALAS-2024-2480)
The version of wpa_supplicant installed on the remote host is prior to 2.6-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2480 advisory. wpa_supplicant: potential authorization bypass CVE-2023-52160 Tenable has extracted the preceding description block directly fr...
Fedora 39 : wpa_supplicant (2024-a95bdde55b)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a95bdde55b advisory. backport fix for PEAP client CVE-2023-52160 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Debian dla-3743 : hostapd - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3743 advisory. Debian LTS Advisory DLA-3743-1 [email protected] https://www.debian.org/lts/security/...
CVE-2023-52160
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2...
CVE-2023-52161
The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon IWD before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key...
CVE-2023-35836
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the...