FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

strongswan -- authentication bypass vulnerability in the eap-mschapv2 plugin

Affected packages
strongswan < 5.3.4

Details

VuXML ID 3eb0ccc2-8c6a-11e5-8519-005056ac623e
Discovery 2015-11-16
Entry 2015-11-16

Strongswan Release Notes reports:

Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin that was caused by insufficient verification of the internal state when handling MSCHAPv2 Success messages received by the client. This vulnerability has been registered as CVE-2015-8023.

References

CVE Name CVE-2015-8023
URL https://github.com/strongswan/strongswan/commit/453e204ac40dfff2e0978e8f84a5f8ff0cbc45e2