freeradius3 -- insufficient validation on packets

2015-04-04T00:00:00
ID 0C2C4D84-42A2-11E5-9DAA-14DAE9D210B8
Type freebsd
Reporter FreeBSD
Modified 2015-04-04T00:00:00

Description

Jouni Malinen reports:

The EAP-PWD module performed insufficient validation on packets received from an EAP peer. This module is not enabled in the default configuration. Administrators must manually enable it for their server to be vulnerable. Only versions 3.0 up to 3.0.8 are affected.