The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request message.
CPE | Name | Operator | Version |
---|---|---|---|
mac_os_x | eq | 10.6.1 | |
mac_os_x | eq | 10.6.0 | |
mac_os_x | eq | 10.6.2 | |
mac_os_x_server | eq | 10.6.1 | |
mac_os_x_server | eq | 10.6.2 | |
mac_os_x_server | eq | 10.6.0 |