Improper Authentication

2024-03-1719:28:48

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

wpa_supplicant

improper authentication

tls certificate verification

eap_peap_decrypt

phase 1 authentication

phase 2 authentication

enterprise wi-fi networks

vulnerability

software

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.9%

JSON

wpa_supplicant is vulnerable to the Improper Authentication vulnerability. The vulnerability arises because wpa_supplicant can be configured to skip TLS certificate verification during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be exploited to bypass Phase 2 authentication. Attackers can exploit this by sending an EAP-TLV Success packet instead of initiating Phase 2, enabling them to impersonate Enterprise Wi-Fi networks.

CPENameOperatorVersion
wpa_supplicant:3.19eq2.10-r8
wpa_supplicant:3.19eq2.10-r9
wpa_supplicant:edgeeq2.10-r5
wpa_supplicant:edgeeq2.10-r4
wpa_supplicant:edgeeq2.10-r8
wpa_supplicant:edgeeq2.10-r0
wpa_supplicant:edgeeq2.10-r1
wpa_supplicant:edgeeq2.9-r12
wpa_supplicant:edgeeq2.9-r15
wpa_supplicant:edgeeq2.10-r2

Name	Operator	Version
wpa_supplicant:3.19	eq	2.10-r8
wpa_supplicant:3.19	eq	2.10-r9
wpa_supplicant:edge	eq	2.10-r5
wpa_supplicant:edge	eq	2.10-r4
wpa_supplicant:edge	eq	2.10-r8
wpa_supplicant:edge	eq	2.10-r0
wpa_supplicant:edge	eq	2.10-r1
wpa_supplicant:edge	eq	2.9-r12
wpa_supplicant:edge	eq	2.9-r15
wpa_supplicant:edge	eq	2.10-r2