CVE-2023-52160Improper Authentication in WPA Supplicant

CWE-287Improper AuthenticationCWE-285Improper Authorization7 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
4.2%
top 11.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
W1.fi WPA SupplicantDebian LinuxFedoraproject Fedora+1 more
Timeline
PublishedFeb 22

Description

The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

Also affects: Enterprise Linux 8.0, 9.0, Debian Linux 10.0, Fedora 38, 39

Patches

Patch: w1.fiPatch: w1.fi

🔴Vulnerability Details

3
CVEList
CVE-2023-52160: The implementation of PEAP in wpa_supplicant through 22024-02-22
OSV
CVE-2023-52160: The implementation of PEAP in wpa_supplicant through 22024-02-22
GHSA
GHSA-hj6q-jrf5-2pm3: The implementation of PEAP in wpa_supplicant through 22024-02-22

📋Vendor Advisories

3
Red Hat
wpa_supplicant: potential authorization bypass2024-02-16
Microsoft
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack wpa_supplicant must be configured to not verify the network's TLS certificate during Pha2024-02-13
Debian
CVE-2023-52160: wpa - The implementation of PEAP in wpa_supplicant through 2.10 allows authentication ...2023
CVE-2023-52160 — Improper Authentication | cvebase