FreeRADIUS: Authentication bypass in EAP-MSCHAPv2 module

Background

FreeRADIUS is an open source RADIUS authentication server implementation.

Description

FreeRADIUS suffers from insufficient input validation in the EAP-MSCHAPv2 state machine.

Impact

An attacker could cause the server to bypass authentication checks by manipulating the EAP-MSCHAPv2 client state machine.

Workaround

There is no known workaround at this time.

Resolution

All FreeRADIUS users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-dialup/freeradius-1.1.1"