Oval Definition:	oval:com.ubuntu.xenial:def:201580230000000
Revision Date: 2015-11-18 Version: 1 Title: CVE-2015-8023 on Ubuntu 16.04 LTS (xenial) - medium. Description: The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message. Family: unix Class: vulnerability Status: Reference(s): CVE-2015-8023 Platform(s): Ubuntu 16.04 LTS Product(s): Definition Synopsis Ubuntu 16.04 LTS (xenial) is installed. AND strongswan package in xenial was vulnerable but has been fixed (note: '5.1.2-0ubuntu7').
BACK