In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.
References
Link | Resource |
---|---|
https://freeradius.org/security/ | Patch Vendor Advisory |
https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f | Patch Third Party Advisory |
Configurations
History
24 Jan 2023, 20:02
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:* | |
References | (MISC) https://freeradius.org/security/ - Patch, Vendor Advisory | |
References | (MISC) https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f - Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-522 | |
First Time |
Freeradius
Freeradius freeradius |
17 Jan 2023, 18:55
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-17 18:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-41859
Mitre link : CVE-2022-41859
CVE.ORG link : CVE-2022-41859
JSON object : View
Products Affected
freeradius
- freeradius