The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.
Aliases: CVE-2023-52160
Modified: 2024-04--06T00:00:00.000Z
Published: 2024-04--06T00:00:00.000Z
References
https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52160
https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c