PT-2011-4033 · Freeradius · Freeradius

Josh Bressers +1 · Published 2011-08-04 · Updated 2018-10-09 · CVE-2011-2701

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: FreeRADIUS version 2.1.11

Description: The ocsp_check function in rlm_eap_tls.c does not properly parse replies from OCSP responders when OCSP is enabled. This allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.

Recommendations: For FreeRADIUS version 2.1.11, consider disabling the ocsp_check function or restricting use of the EAP-TLS protocol until a patch is available. Additionally, restrict access to the affected module to minimize the risk of exploitation.

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2011-2701

Affected Products: Freeradius