Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-52160

The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.

Published

2024-02-22T17:15:08.263

Last Modified

2025-05-05T14:14:41.537

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-287
Type: Secondary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	debian	debian_linux	10.0	Yes
Operating System	fedoraproject	fedora	38	Yes
Operating System	fedoraproject	fedora	39	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	9.0	Yes
Application	w1.fi	wpa_supplicant	≤ 2.10	Yes
Operating System	google	android	-	No
Operating System	google	chrome_os	-	No
Operating System	linux	linux_kernel	-	No

References

https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/ Mailing List ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/ Third Party Advisory ([email protected])
https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c Patch ([email protected])
https://www.top10vpn.com/research/wifi-vulnerabilities/ Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/ Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c Patch (af854a3a-2127-422b-91ae-364da2661108)
https://www.top10vpn.com/research/wifi-vulnerabilities/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)