Lucene search

K
prionPRIOn knowledge basePRION:CVE-2017-9148
HistoryMay 29, 2017 - 5:29 p.m.

Authentication flaw

2017-05-2917:29:00
PRIOn knowledge base
www.prio-n.com

9.5 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.