vulnerability
SUSE: CVE-2019-13456: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:A/AC:M/Au:N/C:P/I:N/A:N) | Dec 3, 2019 | Apr 18, 2020 | Feb 4, 2022 |
Severity
3
CVSS
(AV:A/AC:M/Au:N/C:P/I:N/A:N)
Published
Dec 3, 2019
Added
Apr 18, 2020
Modified
Feb 4, 2022
Description
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.
Solutions
suse-upgrade-freeradius-serversuse-upgrade-freeradius-server-develsuse-upgrade-freeradius-server-docsuse-upgrade-freeradius-server-krb5suse-upgrade-freeradius-server-ldapsuse-upgrade-freeradius-server-libssuse-upgrade-freeradius-server-mysqlsuse-upgrade-freeradius-server-perlsuse-upgrade-freeradius-server-postgresqlsuse-upgrade-freeradius-server-pythonsuse-upgrade-freeradius-server-python3suse-upgrade-freeradius-server-sqlitesuse-upgrade-freeradius-server-utils
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.