CVE-2023-52160

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-52160
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/
https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c Patch
https://www.top10vpn.com/research/wifi-vulnerabilities/ Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*
OR cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
History

10 Mar 2024, 04:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/ -

04 Mar 2024, 22:47

Type Values Removed Values Added
CPE cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
CWE CWE-287
First Time Fedoraproject
Redhat
Google android
W1.fi wpa Supplicant
Linux
Google
W1.fi
Debian debian Linux
Linux linux Kernel
Redhat enterprise Linux
Fedoraproject fedora
Debian
Google chrome Os
References () https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html - () https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/ - Mailing List
References () https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c - () https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c - Patch
References () https://www.top10vpn.com/research/wifi-vulnerabilities/ - () https://www.top10vpn.com/research/wifi-vulnerabilities/ - Third Party Advisory

27 Feb 2024, 16:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html -

27 Feb 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/ -
Summary
  • (es) La implementación de PEAP en wpa_supplicant hasta la versión 2.10 permite omitir la autenticación. Para un ataque exitoso, se debe configurar wpa_supplicant para no verificar el certificado TLS de la red durante la autenticación de la Fase 1, y luego se puede abusar de una vulnerabilidad eap_peap_decrypt para omitir la autenticación de la Fase 2. El vector de ataque envía un paquete de éxito EAP-TLV en lugar de iniciar la Fase 2. Esto permite a un adversario hacerse pasar por redes Wi-Fi empresariales.

22 Feb 2024, 18:15

Type Values Removed Values Added
Summary (en) The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase-2. This allows an adversary to impersonate Enterprise Wi-Fi networks. (en) The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.

22 Feb 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-02-22 17:15

Updated : 2024-03-10 04:15

NVD link : CVE-2023-52160

Mitre link : CVE-2023-52160

CVE.ORG link : CVE-2023-52160

JSON object : View

Products Affected

fedoraproject

  • fedora

google

  • android
  • chrome_os

redhat

  • enterprise_linux

linux

  • linux_kernel

w1.fi

  • wpa_supplicant

debian

  • debian_linux
CWE
CWE-287

Improper Authentication