CVE-2011-4966

Name of the Vulnerable Software and Affected Versions FreeRADIUS versions prior to 2.2.0

Description The issue concerns improper password expiration checks in /etc/shadow when unix mode is enabled for user authentication. This allows remote authenticated users to authenticate using an expired password.

Recommendations For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue. As a temporary workaround, consider disabling unix mode for user authentication until a patch is available. Restrict access to the authentication module to minimize the risk of exploitation. Avoid using expired passwords in the affected authentication process until the issue is resolved.