strongswan: Authentication bypass vulnerability in eap-mschapv2 plugin (CVE-2015-8023)
An authentication bypass vulnerability in the eap-mschapv2 plugin was fixed that enabled malicious clients to trick the server into concluding the EAP-MSCHAPv2 authentication successfully without providing valid credentials, or indeed any credentials at all.
It was caused by insufficient verification of the internal state when handling EAP-MSCHAPv2 Success messages from clients.
Affected versions:
since 4.2.12, up to and including 5.3.3.
Fixed in:
5.3.4
References:
https://www.strongswan.org/blog/2015/11/16/strongswan-vulnerability-%28cve-2015-8023%29.html
https://www.strongswan.org/blog/2015/11/16/strongswan-5.3.4-released.html
https://wiki.strongswan.org/projects/strongswan/wiki/Changelog53
(from redmine: issue id 4875, created on 2015-11-17, closed on 2015-12-08)
- Relations:
- child #4876 (closed)
- child #4877 (closed)
- child #4878 (closed)
- child #4879 (closed)
- child #4880 (closed)
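
The class of bug described above (a Success message honoured without checking the method's internal state), shown as an added example that is not strongSwan code and is not part of the original report. All type, function and state names are hypothetical, and the credential check is a constructed stand-in.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a server-side EAP-MSCHAPv2 method; names are
 * illustrative and not taken from the strongSwan source. */
typedef enum { EXPECT_RESPONSE, EXPECT_SUCCESS } server_state_t;
typedef enum { OP_RESPONSE, OP_SUCCESS } opcode_t;
typedef enum { NEED_MORE, AUTH_SUCCESS, AUTH_FAILED } status_t;
typedef struct { server_state_t state; int strict; } server_t;

/* Constructed stand-in for verifying the client's MSCHAPv2 Response. */
static int credentials_valid(const char *response)
{
    return response && strcmp(response, "valid-response") == 0;
}

/* strict == 0 models the missing state check, strict == 1 the corrected one. */
status_t server_process(server_t *s, opcode_t op, const char *payload)
{
    if (op == OP_RESPONSE) {
        if (s->state != EXPECT_RESPONSE || !credentials_valid(payload))
            return AUTH_FAILED;
        s->state = EXPECT_SUCCESS;  /* credentials verified */
        return NEED_MORE;
    }
    /* OP_SUCCESS is only acceptable after a verified Response. */
    if (s->strict && s->state != EXPECT_SUCCESS)
        return AUTH_FAILED;
    return AUTH_SUCCESS;
}

/* Client sends Success as its first message, with no Response at all. */
status_t early_success(int strict)
{
    server_t s = { EXPECT_RESPONSE, strict };
    return server_process(&s, OP_SUCCESS, NULL);
}

/* Regular flow: Response first, Success only if the server accepted it. */
status_t full_exchange(int strict, const char *response)
{
    server_t s = { EXPECT_RESPONSE, strict };
    status_t st = server_process(&s, OP_RESPONSE, response);
    return st == NEED_MORE ? server_process(&s, OP_SUCCESS, NULL) : st;
}

int main(void)
{
    printf("early Success: lax=%d strict=%d\n", early_success(0), early_success(1));
    return 0;
}
```

With the state check in place, the regular exchange still succeeds for valid credentials, while a Success message arriving in any other state ends the method with a failure.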