14 matches found
SUSE: Security Advisory (SUSE-SU-2015:2186-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2015:2183-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: A vulnerability in strongSwan affects IBM Flex System Manager (FSM) (CVE-2015-8023)
Summary A security vulnerability has been discovered in strongSwan that is embedded in the IBM FSM. This bulletin addresses the vulnerability. Vulnerability Details CVEID: CVE-2015-8023 DESCRIPTION: strongSwan could allow a remote attacker to bypass security restrictions, caused by the failure to...
Security Bulletin: A vulnerability in strongSwan affects PowerKVM (CVE-2015-8023)
Summary PowerKVM is affected by a vulnerability in strongSwan. This vulnerability is now fixed. Vulnerability Details CVEID: CVE-2015-8023 DESCRIPTION: strongSwan could allow a remote attacker to bypass security restrictions, caused by the failure to properly validate local state by the server...
pfSense < 2.2.6 Multiple Vulnerabilities (SA-15_09 / SA-15_10 / SA-15_11)
According to its self-reported version number, the remote pfSense install is prior to 2.2.6. It is, therefore, affected by multiple vulnerabilities. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid106498; scriptversion"1.11"; scriptcvsdate"Date: 2019/11/08"; scriptcve...
SUSE-SU-2015:2183-2 Security update for strongswan
The strongswan package was updated to fix the following security issue: - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin bsc953817...
SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2015:2183-1)
The strongswan package was updated to fix the following security issue : - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin bsc953817. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory...
SUSE-SU-2015:2186-1 Security update for strongswan
The strongswan package was updated to fix the following security issue: - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin bsc953817...
CVE-2015-8023
The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message...
Ubuntu: Security Advisory (USN-2811-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-8023
The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message...
UBUNTU-CVE-2015-8023
The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message...
Debian Security Advisory DSA 3398-1 (strongswan - security update)
Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite. Due to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without...
strongswan -- authentication bypass vulnerability in the eap-mschapv2 plugin
Strongswan Release Notes reports: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin that was caused by insufficient verification of the internal state when handling MSCHAPv2 Success messages received by the client. This vulnerability has been registered as CVE-2015-8023...