CVE-2015-8023

2015-11-1600:00:00

ubuntu.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.9%

JSON

The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2
plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly
validate local state, which allows remote attackers to bypass
authentication via an empty Success message in response to an initial
Challenge message.

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchstrongswan< 5.1.2-0ubuntu2.4UNKNOWN
ubuntu15.04noarchstrongswan< 5.1.2-0ubuntu5.3UNKNOWN
ubuntu15.10noarchstrongswan< 5.1.2-0ubuntu6.2UNKNOWN
ubuntu16.04noarchstrongswan< 5.1.2-0ubuntu7UNKNOWN
ubuntu16.10noarchstrongswan< 5.1.2-0ubuntu7UNKNOWN
ubuntu17.04noarchstrongswan< 5.1.2-0ubuntu7UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	14.04	noarch	strongswan	< 5.1.2-0ubuntu2.4	UNKNOWN
ubuntu	15.04	noarch	strongswan	< 5.1.2-0ubuntu5.3	UNKNOWN
ubuntu	15.10	noarch	strongswan	< 5.1.2-0ubuntu6.2	UNKNOWN
ubuntu	16.04	noarch	strongswan	< 5.1.2-0ubuntu7	UNKNOWN
ubuntu	16.10	noarch	strongswan	< 5.1.2-0ubuntu7	UNKNOWN
ubuntu	17.04	noarch	strongswan	< 5.1.2-0ubuntu7	UNKNOWN