Oracle Linux 8 : freeradius:3.0 (ELSA-2020-1672)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1672 advisory. - In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the...
SUSE CVE-2019-13456
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is...
client.thecybertechsolution.com Cross Site Scripting vulnerability OBB-2511353
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SUSE: Security Advisory (SUSE-SU-2020:1018-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE: Security Advisory (SUSE-SU-2020:1020-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE: Security Advisory (SUSE-SU-2020:2391-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE: Security Advisory (SUSE-SU-2020:1023-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
NewStart CGSL CORE 5.04 / MAIN 5.04 : freeradius Multiple Vulnerabilities (NS-SA-2021-0037)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has freeradius packages installed that are affected by multiple vulnerabilities: - In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This means multiple threads...
CentOS 8 : freeradius:3.0 (CESA-2020:1672)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:1672 advisory. - freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterations (CVE-2019-13456) Note that Nessus has not tested for this issue but h...
Scientific Linux Security Update : freeradius on SL7.x x86_64 (20201001)
Security Fixes : - freeradius: privilege escalation due to insecure logrotate configuration (CVE-2019-10143) - freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterations (CVE-2019-13456) - freeradius: eap-pwd: DoS issues due to multithreaded BN_CTX access (CVE-2019-17185)...
freeradius security update
CentOS Errata and Security Advisory CESA-2020:3984 An update for freeradius is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi...
CentOS 7 : freeradius (RHSA-2020:3984)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3984 advisory. - It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has...
Huawei EulerOS: Security Advisory for freeradius (EulerOS-SA-2020-2133)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS 2.0 SP3 : freeradius (EulerOS-SA-2020-2133)
According to the versions of the freeradius package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This means multiple threa...
SUSE SLES12 Security Update : freeradius-server (SUSE-SU-2020:2391-1)
This update for freeradius-server fixes the following issues : CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd (bsc#1144524). CVE-2019-17185: Fixed a denial of service due to multithreaded BN_CTX access (bsc#1166847). Note that Tenable Network Security has extracted the preceding descripti...
SUSE-SU-2020:2391-1 Security update for freeradius-server
This update for freeradius-server fixes the following issues: - CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd (bsc#1144524). - CVE-2019-17185: Fixed a denial of service due to multithreaded BN_CTX access (bsc#1166847)...
RHEL 8 : freeradius:3.0 (RHSA-2020:1672)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1672 advisory. FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized...
openSUSE Security Update : freeradius-server (openSUSE-2020-553)
This update for freeradius-server fixes the following issues : - CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd (bsc#1144524). - CVE-2019-17185: Fixed a denial of service due to multithreaded BN_CTX access (bsc#1166847). - Fixed an issue in TLS-EAP where the OCSP verification, when an...
openSUSE: Security Advisory for freeradius-server (openSUSE-SU-2020:0553-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:0553-1 Security update for freeradius-server
This update for freeradius-server fixes the following issues: - CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd (bsc#1144524). - CVE-2019-17185: Fixed a denial of service due to multithreaded BN_CTX access (bsc#1166847). - Fixed an issue in TLS-EAP where the OCSP verification, when an...