MGASA-2024-0053
- Source
- https://advisories.mageia.org/MGASA-2024-0053.html
- Import Source
- https://advisories.mageia.org/MGASA-2024-0053.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2024-0053
- Related
- Published
- 2024-03-06T16:53:33Z
- Modified
- 2024-03-06T16:42:12Z
- Summary
- Updated wpa_supplicant packages fix security vulnerabilities
- Details
-
The updated packages fix a security vulnerability: The implementation of PEAP in wpasupplicant through 2.10 allows authentication bypass. For a successful attack, wpasupplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eappeapdecrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. (CVE-2023-52160)
- References
-
- https://advisories.mageia.org/MGASA-2024-0053.html
- https://bugs.mageia.org/show_bug.cgi?id=32911
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/
- https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2024&m=slackware-security.383534
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:9 / wpa_supplicant
Package
- Name
- wpa_supplicant
- Purl
- pkg:rpm/mageia/wpa_supplicant?distro=mageia-9