EUVD-2019-4929

Malware in sbrugna...

Oracle Linux 7 : freeradius (ELSA-2020-3984)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3984 advisory. 3.0.13-15 - Fixes EAP-PWD: DoS issues due to multithreaded BNCTX access Resolves: bz1818808 3.0.13-14 - Fixes receiving of multiple RADIUS packets unde...

EulerOS 2.0 SP3 : freeradius (EulerOS-SA-2020-2133)

According to the versions of the freeradius package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BNCTX instance to handle all handshakes. This mean multiple threa...

EulerOS 2.0 SP8 : freeradius (EulerOS-SA-2020-1005)

According to the version of the freeradius package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10...

CVE-2019-13456

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is...

Default credentials

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is...