{"id":"CVE-2023-52160","details":"The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.","modified":"2026-03-23T05:11:13.287595839Z","published":"2024-02-22T17:15:08.263Z","related":["ALSA-2024:2517","MGASA-2024-0053","SUSE-SU-2024:0764-1","SUSE-SU-2024:0764-2","SUSE-SU-2024:0818-1","SUSE-SU-2024:0819-1","SUSE-SU-2024:3354-1","SUSE-SU-2025:20089-1","openSUSE-SU-2024:13694-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/"},{"type":"ADVISORY","url":"https://www.top10vpn.com/research/wifi-vulnerabilities/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QU6IR4KV3ZXJZLK2BY7HAHGZNCP7FPNI/"},{"type":"FIX","url":"https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baffdea9e55255a81270b768439c"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N46C4DTVUWK336OYDA4LGALSC5VVPTCC/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"38"}]},{"events":[{"introduced":"0"},{"last_affected":"39"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"2.10"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52160.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}