| Name | CVE-2023-52160 |
| Description | The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-3743-1, ELA-1064-1 |
| Debian Bugs | 1064061 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| wpa (PTS) | jessie, jessie (lts) | 2.3-1+deb8u14 | fixed |
| stretch (security) | 2:2.4-1+deb9u9 | vulnerable | |
| stretch (lts), stretch | 2:2.4-1+deb9u10 | fixed | |
| buster | 2:2.7+git20190128+0c1e29f-6+deb10u3 | vulnerable | |
| buster (security) | 2:2.7+git20190128+0c1e29f-6+deb10u4 | fixed | |
| bullseye | 2:2.9.0-21 | vulnerable | |
| bookworm | 2:2.10-12 | vulnerable | |
| trixie, sid | 2:2.10-21 | vulnerable |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| wpa | source | jessie | 2.3-1+deb8u14 | ELA-1064-1 | ||
| wpa | source | stretch | 2:2.4-1+deb9u10 | ELA-1064-1 | ||
| wpa | source | buster | 2:2.7+git20190128+0c1e29f-6+deb10u4 | DLA-3743-1 | ||
| wpa | source | (unstable) | (unfixed) | 1064061 |
https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c
https://www.top10vpn.com/research/wifi-vulnerabilities/
https://lists.infradead.org/pipermail/hostap/2024-February/042362.html
https://lists.infradead.org/pipermail/hostap/2024-February/042364.html