Freeradius Security Contact reports:
Insufficient input validation was being done in the
EAP-MSCHAPv2 state machine. A malicious attacker could
manipulate their EAP-MSCHAPv2 client state machine to
potentially convince the server to bypass authentication
checks. This bypassing could also result in the server
crashing.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | freeradius | = 1.0.0 | UNKNOWN |
FreeBSD | any | noarch | freeradius | < 1.1.1 | UNKNOWN |