vulnerability
CentOS Linux: CVE-2019-13456: Moderate: freeradius:3.0 security update (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:A/AC:M/Au:N/C:P/I:N/A:N) | Dec 3, 2019 | Apr 29, 2020 | May 25, 2023 |
Severity
3
CVSS
(AV:A/AC:M/Au:N/C:P/I:N/A:N)
Published
Dec 3, 2019
Added
Apr 29, 2020
Modified
May 25, 2023
Description
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.
Solutions
centos-upgrade-freeradiuscentos-upgrade-freeradius-debuginfocentos-upgrade-freeradius-debugsourcecentos-upgrade-freeradius-develcentos-upgrade-freeradius-doccentos-upgrade-freeradius-krb5centos-upgrade-freeradius-krb5-debuginfocentos-upgrade-freeradius-ldapcentos-upgrade-freeradius-ldap-debuginfocentos-upgrade-freeradius-mysqlcentos-upgrade-freeradius-mysql-debuginfocentos-upgrade-freeradius-perlcentos-upgrade-freeradius-perl-debuginfocentos-upgrade-freeradius-postgresqlcentos-upgrade-freeradius-postgresql-debuginfocentos-upgrade-freeradius-pythoncentos-upgrade-freeradius-restcentos-upgrade-freeradius-rest-debuginfocentos-upgrade-freeradius-sqlitecentos-upgrade-freeradius-sqlite-debuginfocentos-upgrade-freeradius-unixodbccentos-upgrade-freeradius-unixodbc-debuginfocentos-upgrade-freeradius-utilscentos-upgrade-freeradius-utils-debuginfo
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.