QwikSec

Security Database

CVE

CWE

Training

CVE-2023-52160

Published: Feb 22, 2024

Modified: Nov 4, 2025

PUBLISHED

Description

The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c

https://www.top10vpn.com/research/wifi-vulnerabilities/

FEDORA-2024-a95bdde55b

vendor-advisory

[debian-lts-announce] 20240227 [SECURITY] [DLA 3743-1] wpa security update

mailing-list

FEDORA-2024-36d2be00d0

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.