Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-8023

The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.

Published

2015-11-18T16:59:07.587

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-20
    CWE-264
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System canonical ubuntu_linux 14.04 Yes
Operating System canonical ubuntu_linux 15.04 Yes
Operating System canonical ubuntu_linux 15.10 Yes
Application strongswan strongswan 4.2.12 Yes
Application strongswan strongswan 4.2.13 Yes
Application strongswan strongswan 4.2.14 Yes
Application strongswan strongswan 4.2.15 Yes
Application strongswan strongswan 4.2.16 Yes
Application strongswan strongswan 4.3.0 Yes
Application strongswan strongswan 4.3.1 Yes
Application strongswan strongswan 4.3.2 Yes
Application strongswan strongswan 4.3.3 Yes
Application strongswan strongswan 4.3.4 Yes
Application strongswan strongswan 4.3.5 Yes
Application strongswan strongswan 4.3.6 Yes
Application strongswan strongswan 4.3.7 Yes
Application strongswan strongswan 4.4.0 Yes
Application strongswan strongswan 4.4.1 Yes
Application strongswan strongswan 4.5.0 Yes
Application strongswan strongswan 4.5.1 Yes
Application strongswan strongswan 4.5.2 Yes
Application strongswan strongswan 4.5.3 Yes
Application strongswan strongswan 4.6.0 Yes
Application strongswan strongswan 4.6.1 Yes
Application strongswan strongswan 4.6.2 Yes
Application strongswan strongswan 4.6.3 Yes
Application strongswan strongswan 4.6.4 Yes
Application strongswan strongswan 5.0.0 Yes
Application strongswan strongswan 5.0.1 Yes
Application strongswan strongswan 5.0.2 Yes
Application strongswan strongswan 5.0.3 Yes
Application strongswan strongswan 5.0.4 Yes
Application strongswan strongswan 5.1.0 Yes
Application strongswan strongswan 5.1.1 Yes
Application strongswan strongswan 5.1.2 Yes
Application strongswan strongswan 5.1.3 Yes
Application strongswan strongswan 5.2.0 Yes
Application strongswan strongswan 5.2.1 Yes
Application strongswan strongswan 5.2.2 Yes
Application strongswan strongswan 5.2.3 Yes
Application strongswan strongswan 5.3.0 Yes
Application strongswan strongswan 5.3.1 Yes
Application strongswan strongswan 5.3.2 Yes
Application strongswan strongswan 5.3.3 Yes
References