Your submission was sent successfully! Close

CVE-2015-0210

Published: 28 August 2017

wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack.

Priority

Medium

CVSS 3 base score: 5.9

Status

Package Release Status
wpa
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable

wpasupplicant
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Notes

AuthorNote
mdeslaur
Ubuntu uses openssl with wpasupplicant
This CVE was issued for wpa_supplicant incorrectly doing a
substring match in subject_match. In fact, that is the
intended and documented behaviour.
This CVE is invalid.

References

Bugs