PT-2020-10486 · Freeradius · Freeradius

Published

2020-03-18

Updated

2020-03-18

CVE-2019-20510

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions FreeRADIUS versions prior to 3.0.20

Description The issue is related to a side-channel information leak in the EAP-pwd implementation, specifically in the rlm eap/types/rlm eap pwd/eap pwd.c file. This leak is associated with the Hunting and Pecking abort for excessive iterations, potentially allowing remote attackers to discover passwords.

Recommendations For versions prior to 3.0.20, update to version 3.0.20 or later to resolve the issue.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-20510

Affected Products

Freeradius

PT-2020-10486 · Freeradius · Freeradius

CVE-2019-20510

Related Identifiers

Affected Products

References · 2