Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-13456

Опубликовано: 03 дек. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 2.9
CVSS3: 6.5

Описание

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.

РелизСтатусПримечание
bionic

not-affected

3.0.16+dfsg-1ubuntu3.1
devel

not-affected

3.0.17+dfsg-1.1ubuntu2
disco

not-affected

3.0.17+dfsg-1ubuntu2.1
esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

3.0.16+dfsg-1ubuntu3.1
esm-infra/xenial

not-affected

code not present
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

upstream

released

3.0.17+dfsg-1.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 51%
0.00277
Низкий

2.9 Low

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-13456

CVSS3: 5.3
redhat
больше 6 лет назад

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.

nvd логотип

CVE-2019-13456

CVSS3: 6.5
nvd
около 6 лет назад

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.

debian логотип

CVE-2019-13456

CVSS3: 6.5
debian
около 6 лет назад

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd h ...

github логотип

GHSA-qwvf-9vg7-643x

github
больше 3 лет назад

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.

oracle-oval логотип

ELSA-2020-1672

oracle-oval
больше 5 лет назад

ELSA-2020-1672: freeradius:3.0 security update (MODERATE)

EPSS

Процентиль: 51%
0.00277
Низкий

2.9 Low

CVSS2

6.5 Medium

CVSS3