26 matches found
MiracleLinux 9 : freeradius-3.0.21-37.el9 (AXSA:2023-5499:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5499:02 advisory. freeradius: Information leakage in EAP-PWD CVE-2022-41859 freeradius: Crash on unknown option in EAP-SIM CVE-2022-41860 freeradius: Crash on invalid...
Debian: Security Advisory (DLA-4232-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 4232-1] freeradius security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4232-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA June 26, 2025 https://wiki.debian.org/LTS -...
Linux Distros Unpatched Vulnerability : CVE-2022-41859
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an...
OESA-2023-1954 freeradius security update
Remote Authentication Dial-In User Service RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting AAA or Triple A management for users who connect and use a network service. Security Fixes: In freeradius, the EAP-PWD function computepasswordelement...
OESA-2023-1956 freeradius security update
Remote Authentication Dial-In User Service RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting AAA or Triple A management for users who connect and use a network service. Security Fixes: In freeradius, the EAP-PWD function computepasswordelement...
OESA-2023-1955 freeradius security update
Remote Authentication Dial-In User Service RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting AAA or Triple A management for users who connect and use a network service. Security Fixes: In freeradius, the EAP-PWD function computepasswordelement...
AlmaLinux 8 : freeradius:3.0 (ALSA-2023:2870)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2870 advisory. freeradius: Information leakage in EAP-PWD CVE-2022-41859 freeradius: Crash on unknown option in EAP-SIM CVE-2022-41860 freeradius: Crash on invalid abina...
Moderate: Red Hat Security Advisory: freeradius:3.0 security update
An update for the freeradius:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: freeradius:3.0 security update
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service RADIUS server, designed to allow centralized authentication and authorization for a network. Security Fixes: freeradius: Information leakage in EAP-PWD CVE-2022-41859 freeradius: Crash on...
Moderate: Red Hat Security Advisory: freeradius security and bug fix update
An update for freeradius is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Moderate: freeradius security and bug fix update
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service RADIUS server, designed to allow centralized authentication and authorization for a network. Security Fixes: freeradius: Information leakage in EAP-PWD CVE-2022-41859 freeradius: Crash on...
Medium: freeradius
Issue Overview: The EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. CVE-2022-41859 When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that optio...
Debian: Security Advisory (DLA-3342-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3342-1] freeradius security update
Debian LTS Advisory DLA-3342-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany February 24, 2023 https://wiki.debian.org/LTS Package : freeradius Version : 3.0.17+dfsg-1.1+deb10u2 CVE ID : CVE-2022-41859 CVE-2022-41860 CVE-2022-41861 Several flaws were found in...
SUSE CVE-2022-41859
In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...
SUSE: Security Advisory (SUSE-SU-2023:0135-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:0135-1 Security update for freeradius-server
This update for freeradius-server fixes the following issues: - CVE-2022-41859: Fixed an issue in EAP-PWD that could leak information about the password, which could facilitate dictionary attacks bsc1206204. - CVE-2022-41860: Fixed a crash in servers with EAPSIM manually configured, which could b...
CVE-2022-41859
CVE-2022-41859 affects the FreeRADIUS project. The vulnerability arises from the EAP-PWD function compute_password_element(), which leaks information about the password and enables an attacker to substantially reduce the size of an offline dictionary attack. Concrete details in connected sources ...
CVE-2022-41859
In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...