Oval Definition:	oval:com.ubuntu.trusty:def:20158023000
Revision Date: 2015-11-18 Version: 1 Title: CVE-2015-8023 on Ubuntu 14.04 LTS (trusty) - medium. Description: The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message. Family: unix Class: vulnerability Status: Reference(s): CVE-2015-8023 Platform(s): Ubuntu 14.04 LTS Product(s): Definition Synopsis Ubuntu 14.04 LTS (trusty) is installed. AND The 'strongswan' package in trusty was vulnerable but has been fixed (note: '5.1.2-0ubuntu2.4').
BACK