VDB

GCVE-110-MAGEIA-2024-53

GCVE-110-MAGEIA-2024-53
Advisory Published
Vulnetix · Advisory published March 6, 2024
The updated packages fix a security vulnerability: The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. (CVE-2023-52160)

Affected Products

VendorProductVersionsPlatforms
Mageiawpa_supplicant0 (affected), 2.10-3.1.mga9 (unaffected), 0 (affected), 2.10-3.1.mga9 (unaffected)
Mageialess0 (affected), 632-1.1.mga9 (unaffected)

Browse GCVE Records

73,866 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›