CVE-2023-52160
Publication date 22 February 2024
Last updated 24 July 2024
Ubuntu priority
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| wpa | 24.10 oracular |
Vulnerable, fix deferred
|
| 24.04 LTS noble |
Vulnerable, fix deferred
|
|
| 22.04 LTS jammy |
Vulnerable, fix deferred
|
|
| 20.04 LTS focal |
Vulnerable, fix deferred
|
|
| 18.04 LTS bionic |
Vulnerable, fix deferred
|
|
| 16.04 LTS xenial |
Vulnerable, fix deferred
|
|
| 14.04 LTS trusty |
Vulnerable, fix deferred
|
Notes
mdeslaur
Commit listed in this CVE is only a workaround for certain unrelated scenarios, as upstream claims the real issue here is misconfiguration and external components that generate bad configurations that don't follow the documentation. See the following: http://lists.infradead.org/pipermail/hostap/2024-February/042362.html http://lists.infradead.org/pipermail/hostap/2024-February/042364.html Marking wpa in this CVE as deferred as there is no fix available. Front-end components that generate bad configuration files should be added to this CVE if any are discovered.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.5 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |