10 matches found
OESA-2023-1954 freeradius security update
Remote Authentication Dial-In User Service RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting AAA or Triple A management for users who connect and use a network service. Security Fixes: In freeradius, the EAP-PWD function computepasswordelement...
OESA-2023-1955 freeradius security update
Remote Authentication Dial-In User Service RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting AAA or Triple A management for users who connect and use a network service. Security Fixes: In freeradius, the EAP-PWD function computepasswordelement...
OESA-2023-1953 freeradius security update
Remote Authentication Dial-In User Service RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting AAA or Triple A management for users who connect and use a network service. Security Fixes: In freeradius, the EAP-PWD function computepasswordelement...
OESA-2023-1956 freeradius security update
Remote Authentication Dial-In User Service RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting AAA or Triple A management for users who connect and use a network service. Security Fixes: In freeradius, the EAP-PWD function computepasswordelement...
freeradius: Information leakage in EAP-PWD
In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...
freeradius: Information leakage in EAP-PWD
In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...
DEBIAN-CVE-2022-41859
In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...
ALPINE-CVE-2022-41859
In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...
Vulnerabilities fixed in FreeRADIUS
Two vulnerabilities have been fixed in FreeRADIUS. The vulnerabilities allow a malicious party to cause a denial-of-service or to obtain sensitive data obtain. To cause the denial-of-service, the malicious party must possess a system in the FreeRADIUS "circle of trust." The developers of FreeRADI...
Default credentials
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is...