Strongswan · Strongswan · CVE-2015-8023
**Name of the Vulnerable Software and Affected Versions**
strongSwan versions 4.2.12 through 5.x before 5.3.4
**Description**
The issue concerns the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin. It does not properly validate local state, allowing remote attackers to bypass authentication. This can be achieved by sending an empty Success message in response to an initial Challenge message.
**Recommendations**
For strongSwan versions 4.2.12 through 5.x before 5.3.4, update to version 5.3.4 or later to resolve the issue.