CVE-2023-52160

The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.
Configurations

Configuration 1

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*
OR cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:39

Type Values Removed Values Added
References () https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/ - Mailing List () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/ - Mailing List
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/ - Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/ - Third Party Advisory
References () https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c - Patch () https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c - Patch
References () https://www.top10vpn.com/research/wifi-vulnerabilities/ - Third Party Advisory () https://www.top10vpn.com/research/wifi-vulnerabilities/ - Third Party Advisory

23 Oct 2024, 19:34

Type Values Removed Values Added
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/ - Third Party Advisory
CPE, values removed:
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*
CPE, values added:
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*

10 Mar 2024, 04:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/ -

04 Mar 2024, 22:47

Type Values Removed Values Added
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/ - Mailing List
References () https://www.top10vpn.com/research/wifi-vulnerabilities/ - () https://www.top10vpn.com/research/wifi-vulnerabilities/ - Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html - () https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html - Mailing List, Third Party Advisory
References () https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c - () https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c - Patch
CWE CWE-287
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
CVSS, values removed:
v2 : unknown
v3 : unknown
CVSS, values added:
v2 : unknown
v3 : 6.5
First Time Redhat
Redhat enterprise Linux
Debian debian Linux
Google chrome Os
Debian
Google android
W1.fi
W1.fi wpa Supplicant
Google
Fedoraproject
Fedoraproject fedora
Linux
Linux linux Kernel

27 Feb 2024, 16:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html -

27 Feb 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/ -

22 Feb 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-22 17:15

Updated : 2025-05-05 14:14


NVD link : CVE-2023-52160

Mitre link : CVE-2023-52160

CVE.ORG link : CVE-2023-52160



Products Affected

w1.fi

  • wpa_supplicant

debian

  • debian_linux

google

  • chrome_os
  • android

fedoraproject

  • fedora

linux

  • linux_kernel

redhat

  • enterprise_linux
CWE
CWE-287

Improper Authentication