CLSA-2025-1753802388 wpa_supplicant: Fix of CVE-2023-52160

CVE-2023-52160: fix authentication bypass vulnerability by enforcing TLS certificate verification and addressing eappeapdecrypt vulnerability...

Oracle Linux 9 : wpa_supplicant (ELSA-2024-2517)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-2517 advisory. 1:2.10-5 - Support macsec HW offload. Resolves: RHEL-22440 - Backport fix for PEAP client CVE-2023-52160 Tenable has extracted the preceding description block...

Improper Authentication

wpasupplicant is vulnerable to the Improper Authentication vulnerability. The vulnerability arises because wpasupplicant can be configured to skip TLS certificate verification during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be exploited to bypass Phase 2 authentication...

Fedora 39 : wpa_supplicant (2024-a95bdde55b)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a95bdde55b advisory. backport fix for PEAP client CVE-2023-52160 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

CVE-2023-52160

The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be abused to skip Phase 2...

CVE-2023-52160

The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be abused to skip Phase 2...

Authentication flaw

The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be abused to skip Phase 2...

CVE-2023-52160

The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be abused to skip Phase 2...

CVE-2023-52160

The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be abused to skip Phase 2...

CVE-2023-52160

The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be abused to skip Phase 2...

CVE-2023-52160

The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be abused to skip Phase 2...