CVE-2023-52160

EUVD-2023-56833

22.02.2024, 17:15

The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 88%

Affected Products (NVD)

Vendor	Product	Version
debian	debian_linux	10.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0
w1.fi	wpa_supplicant	𝑥 ≤ 2.10

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

wpa

bookworm	2:2.10-12+deb12u2 fixed
bookworm (security)	2:2.10-12+deb12u2 fixed
bullseye	2:2.9.0-21+deb11u2 fixed
bullseye (security)	2:2.9.0-21+deb11u2 fixed
sid	2:2.10-22 fixed
trixie	2:2.10-22 fixed

Ubuntu Releases

Ubuntu Product

Codename

wpa

bionic	deferred
focal	deferred
jammy	deferred
mantic	ignored
noble	deferred
oracular	deferred
trusty	ignored
xenial	deferred

Red Hat Enterprise Linux Releases

Red Hat Product

Release

wpa

RHEL 9

1:2.10-5.el9

fixed

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/

https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c

https://www.top10vpn.com/research/wifi-vulnerabilities/

https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/

https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c

https://www.top10vpn.com/research/wifi-vulnerabilities/