CVE-2015-8023
PUBLISHED
The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.
Risk Scores
EPSS Score: 0.80% (74.4th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | strongswan | 0, 5.1.2-0ubuntu6 |
| Ubuntu:14.04:LTS | strongswan | 0, 4.6.4-9, 5.1.0-2 |
Timeline
- Nov 16, 2015 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2015-8023 third-party-advisory
- https://www.strongswan.org/blog/2015/11/16/strongswan-5.3.4-released.html third-party-advisory
- https://ubuntu.com/security/notices/USN-2811-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2015-8023 third-party-advisory