31 matches found
NewStart CGSL MAIN 7.02 : wpa_supplicant Vulnerability (NS-SA-2025-0087)
The remote NewStart CGSL host, running version MAIN 7.02, has wpasupplicant packages installed that are affected by a vulnerability: - The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the...
Azure Linux 3.0 Security Update: wpa_supplicant (CVE-2023-52160)
The version of wpasupplicant installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-52160 advisory. - The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successf...
CBL Mariner 2.0 Security Update: wpa_supplicant (CVE-2023-52160)
The version of wpasupplicant installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-52160 advisory. - The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successf...
EulerOS 2.0 SP8 : wpa_supplicant (EulerOS-SA-2024-2495)
According to the versions of the wpasupplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be...
RHEL 8 : wpa_supplicant (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wpasupplicant: SAE side channel attacks as a result of cache access patterns CVE-2022-23303 - The...
Rocky Linux 9 : wpa_supplicant (RLSA-2024:2517)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:2517 advisory. - The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify...
RHEL 7 : wpa_supplicant (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wpasupplicant: local configuration update allows privilege escalation CVE-2016-4477 - wpasupplicant: P2P...
RHEL 9 : wpa_supplicant (RHSA-2024:2517)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2517 advisory. The wpasupplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 IEEE 802.11i / RSN, and various EAP authentication methods...
CentOS 9 : wpa_supplicant-2.10-5.el9
The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the wpasupplicant-2.10-5.el9 build changelog. - The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be...
Improper Authentication
wpasupplicant is vulnerable to the Improper Authentication vulnerability. The vulnerability arises because wpasupplicant can be configured to skip TLS certificate verification during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be exploited to bypass Phase 2 authentication...
Fedora 38 : wpa_supplicant (2024-36d2be00d0)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-36d2be00d0 advisory. backport fix for PEAP client CVE-2023-52160 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
MGASA-2024-0053 Updated wpa_supplicant packages fix security vulnerabilities
The updated packages fix a security vulnerability: The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt...
Updated wpa_supplicant packages fix security vulnerabilities
The updated packages fix a security vulnerability: The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt...
Amazon Linux 2 : wpa_supplicant (ALAS-2024-2480)
The version of wpasupplicant installed on the remote host is prior to 2.6-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2480 advisory. wpasupplicant: potential authorization bypass CVE-2023-52160 Tenable has extracted the preceding description block directly fr...
Fedora 39 : wpa_supplicant (2024-a95bdde55b)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a95bdde55b advisory. backport fix for PEAP client CVE-2023-52160 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Debian dla-3743 : hostapd - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3743 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3743-1 [email protected] https://www.debian.org/lts/security/...
CVE-2023-52160
The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be abused to skip Phase 2...
Authentication flaw
The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be abused to skip Phase 2...
CVE-2023-52160
The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be abused to skip Phase 2...
CVE-2023-52160
The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be abused to skip Phase 2...