Количество 14
Количество 14
GHSA-hj6q-jrf5-2pm3
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.
CVE-2023-52160
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.
CVE-2023-52160
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.
CVE-2023-52160
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.
CVE-2023-52160
CVE-2023-52160
The implementation of PEAP in wpa_supplicant through 2.10 allows authe ...
SUSE-SU-2024:3354-1
Security update for wpa_supplicant
SUSE-SU-2024:0819-1
Security update for wpa_supplicant
SUSE-SU-2024:0818-1
Security update for wpa_supplicant
SUSE-SU-2024:0764-1
Security update for wpa_supplicant
RLSA-2024:2517
Moderate: wpa_supplicant security update
ELSA-2024-2517
ELSA-2024-2517: wpa_supplicant security update (MODERATE)
BDU:2024-01426
Уязвимость реализации протокола PEAP (Protected Extensible Authentication Protocol) клиента защищённого доступа Wi-Fi WPA Supplicant, позволяющая нарушителю перехватить незашифрованный транзитный трафик пользователя
ROS-20240904-11
Уязвимость wpa_supplicant
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-hj6q-jrf5-2pm3 The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. | CVSS3: 6.5 | 1% Низкий | больше 1 года назад |
 | CVE-2023-52160 The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. | CVSS3: 6.5 | 1% Низкий | больше 1 года назад |
 | CVE-2023-52160 The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. | CVSS3: 6.5 | 1% Низкий | больше 1 года назад |
 | CVE-2023-52160 The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. | CVSS3: 6.5 | 1% Низкий | больше 1 года назад |
 | CVSS3: 6.5 | 1% Низкий | 4 месяца назад | |
| CVE-2023-52160 The implementation of PEAP in wpa_supplicant through 2.10 allows authe ... | CVSS3: 6.5 | 1% Низкий | больше 1 года назад |
 | SUSE-SU-2024:3354-1 Security update for wpa_supplicant | 1% Низкий | 9 месяцев назад | |
| SUSE-SU-2024:0819-1 Security update for wpa_supplicant | 1% Низкий | больше 1 года назад | |
| SUSE-SU-2024:0818-1 Security update for wpa_supplicant | 1% Низкий | больше 1 года назад | |
| SUSE-SU-2024:0764-1 Security update for wpa_supplicant | 1% Низкий | больше 1 года назад | |
 | RLSA-2024:2517 Moderate: wpa_supplicant security update | 1% Низкий | около 1 года назад | |
| ELSA-2024-2517 ELSA-2024-2517: wpa_supplicant security update (MODERATE) | около 1 года назад | ||
 | BDU:2024-01426 Уязвимость реализации протокола PEAP (Protected Extensible Authentication Protocol) клиента защищённого доступа Wi-Fi WPA Supplicant, позволяющая нарушителю перехватить незашифрованный транзитный трафик пользователя | CVSS3: 6.5 | 1% Низкий | почти 2 года назад |
 | ROS-20240904-11 Уязвимость wpa_supplicant | CVSS3: 6.5 | 1% Низкий | 10 месяцев назад |
Уязвимостей на страницу