CVE-2022-41859

Опубликовано: 22 апр. 2022

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	freeradius	Out of support scope
Red Hat Enterprise Linux 7	freeradius	Out of support scope
Red Hat Enterprise Linux 8	freeradius	Fixed	RHSA-2023:2870	16.05.2023
Red Hat Enterprise Linux 9	freeradius	Fixed	RHSA-2023:2166	09.05.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-522->CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=2078483freeradius: Information leakage in EAP-PWD

EPSS

Процентиль: 36%

0.00148

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2022-41859

CVSS3: 7.5

ubuntu

больше 2 лет назад

In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.

CVE-2022-41859

CVSS3: 7.5

nvd

больше 2 лет назад

In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.

CVE-2022-41859

CVSS3: 7.5

debian

больше 2 лет назад

In freeradius, the EAP-PWD function compute_password_element() leaks i ...

GHSA-cmvm-c7qf-pmc5

CVSS3: 7.5

github

больше 2 лет назад

In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.

SUSE-SU-2023:0135-1

suse-cvrf

больше 2 лет назад

Security update for freeradius-server

EPSS

Процентиль: 36%

0.00148

Низкий

7.5 High

CVSS3