Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-13456

Опубликовано: 03 дек. 2019
Источник: debian

Описание

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
freeradiusfixed3.0.20+dfsg-1package
freeradiusfixed3.0.17+dfsg-1.1+deb10u1busterpackage
freeradiusno-dsastretchpackage
freeradiusnot-affectedjessiepackage

Примечания

  • https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa (release_3_0_20)

  • https://bugzilla.redhat.com/show_bug.cgi?id=1737663

  • https://wpa3.mathyvanhoef.com/#new

Связанные уязвимости

ubuntu логотип

CVE-2019-13456

CVSS3: 6.5
ubuntu
около 6 лет назад

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.

redhat логотип

CVE-2019-13456

CVSS3: 5.3
redhat
больше 6 лет назад

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.

nvd логотип

CVE-2019-13456

CVSS3: 6.5
nvd
около 6 лет назад

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.

github логотип

GHSA-qwvf-9vg7-643x

github
больше 3 лет назад

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.

oracle-oval логотип

ELSA-2020-1672

oracle-oval
больше 5 лет назад

ELSA-2020-1672: freeradius:3.0 security update (MODERATE)