PT-2019-5502 · Freeradius+3 · Freeradius+3

Eyal Ronen

Published

2019-08-03

Updated

2024-06-15

CVE-2019-13456

CVSS v3.1

6.5

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions FreeRADIUS versions 3.0 through 3.0.19

Description The issue is related to errors in EAP-pwd authentication, which can lead to information leakage. This leakage is similar to the "Dragonblood" attack and can be used by an attacker to recover the password of any user. On average, 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. An attacker can exploit this vulnerability to obtain a password for authorization in a Wi-Fi network.

Recommendations For FreeRADIUS versions 3.0 through 3.0.19, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Side Channel Attack

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203CWE-200

Related Identifiers

BDU:2020-03319

CESA-2020_1672

CESA-2020_3984

CVE-2019-13456

MGASA-2020-0007

OESA-2021-1031

OPENSUSE-SU-2020:0553-1

OPENSUSE-SU-2020_0553-1

OPENSUSE-SU-2024:10767-1

RHSA-2020:1672

RHSA-2020:3984

RHSA-2020_1672

RHSA-2020_3984

SUSE-SU-2020:1018-1

SUSE-SU-2020:1020-1

SUSE-SU-2020:1023-1

SUSE-SU-2020:2391-1

SUSE-SU-2020_1018-1

SUSE-SU-2020_1020-1

SUSE-SU-2020_1023-1

SUSE-SU-2020_2391-1

Affected Products

Centos

Freeradius

Red Hat

Suse

PT-2019-5502 · Freeradius+3 · Freeradius+3

CVE-2019-13456

Weakness Enumeration

Related Identifiers

Affected Products

References · 59