Skip to main content

Freeradius CVE-2019-13456

MEDIUM
Observable Discrepancy (CWE-203)
2019-12-03 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 03, 2019 - 20:15 nvd
MEDIUM 6.5

DescriptionNVD

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.

AnalysisAI

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-203. In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494. Affected products include: Freeradius, Redhat Enterprise Linux, Opensuse Leap. Version information: through 3.0.19.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-10979 CRITICAL
9.8 Jul 17

An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attack

CVE-2024-3596 CRITICAL
9.0 Jul 09

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (

CVE-2017-10984 CRITICAL
9.8 Jul 17

An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attac

CVE-2014-2015 HIGH POC
7.5 Nov 02

Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x,

CVE-2019-10143 HIGH POC
7.0 May 24

It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local

CVE-2017-9148 CRITICAL
9.8 May 29

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before

CVE-2019-11235 CRITICAL
9.8 Apr 22

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that

CVE-2019-11234 CRITICAL
9.8 Apr 22

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a si

CVE-2012-3547 MEDIUM
6.8 Sep 18

Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP m

CVE-2015-8763 HIGH
8.1 Mar 27

The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1)

CVE-2015-8764 HIGH
8.1 Mar 27

Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow. Rated high sev

CVE-2017-10978 HIGH
7.5 Jul 17

An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()"

Share

CVE-2019-13456 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy