← Zuruck zu CVEs

CVE-2019-13456

MEDIUM

6.5

Beschreibung

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.

CVE Details

CVSS v3.1 Bewertung6.5

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AngriffsvektorADJACENT_NETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht12/3/2019

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

freeradius:freeradiuslinux:linux_kernelopensuse:leapredhat:enterprise_linux

Schwachen (CWE)

CWE-203

Referenzen

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html(cve@mitre.org)

https://bugzilla.redhat.com/show_bug.cgi?id=1737663(cve@mitre.org)

https://freeradius.org/security/(cve@mitre.org)

https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa(cve@mitre.org)

https://wpa3.mathyvanhoef.com(cve@mitre.org)

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html(af854a3a-2127-422b-91ae-364da2661108)

https://bugzilla.redhat.com/show_bug.cgi?id=1737663(af854a3a-2127-422b-91ae-364da2661108)

https://freeradius.org/security/(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa(af854a3a-2127-422b-91ae-364da2661108)

https://wpa3.mathyvanhoef.com(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.