Описание
Security update for wpa_supplicant
This update for wpa_supplicant fixes the following issues:
- CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975).
Список пакетов
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
wpa_supplicant-2.10-150600.7.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
wpa_supplicant-2.10-150600.7.3.1
openSUSE Leap 15.6
wpa_supplicant-2.10-150600.7.3.1
wpa_supplicant-gui-2.10-150600.7.3.1
Ссылки
- Link for SUSE-SU-2024:3354-1
- E-Mail link for SUSE-SU-2024:3354-1
- SUSE Security Ratings
- SUSE Bug 1219975
- SUSE CVE CVE-2023-52160 page
Описание
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.
Затронутые продукты
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:wpa_supplicant-2.10-150600.7.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:wpa_supplicant-2.10-150600.7.3.1
openSUSE Leap 15.6:wpa_supplicant-2.10-150600.7.3.1
openSUSE Leap 15.6:wpa_supplicant-gui-2.10-150600.7.3.1
Ссылки
- CVE-2023-52160
- SUSE Bug 1219975