CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.

References:
• https://freeradius.org/security
• https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f
• https://access.redhat.com/security/cve/CVE-2022-41859
• https://bugzilla.redhat.com/show_bug.cgi?id=2078483

Weaknesses:
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-522: Insufficiently Protected Credentials

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.

References:
• https://freeradius.org/security
• https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a
• https://access.redhat.com/security/cve/CVE-2022-41860
• https://bugzilla.redhat.com/show_bug.cgi?id=2078485

Weaknesses:
• CWE-476: NULL Pointer Dereference

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.

References:
• https://freeradius.org/security
• https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e
• https://access.redhat.com/security/cve/CVE-2022-41861
• https://bugzilla.redhat.com/show_bug.cgi?id=2078487

Weaknesses:
• CWE-20: Improper Input Validation
• CWE-400: Uncontrolled Resource Consumption

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This means multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.

References:
• http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html
• https://freeradius.org/security
• https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20
• https://access.redhat.com/security/cve/CVE-2019-17185
• https://bugzilla.redhat.com/show_bug.cgi?id=1816680

Weaknesses:
• CWE-567: Unsynchronized Access to Shared Data in a Multithreaded Context
• CWE-662: Improper Synchronization

CVSS: 6.5 | EPSS: 0% | CPEs: 5 | EXPL: 2

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.

References:
• http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html
• https://bugzilla.redhat.com/show_bug.cgi?id=1737663
• https://freeradius.org/security
• https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa
• https://wpa3.mathyvanhoef.com
• https://access.redhat.com/security/cve/CVE-2019-13456

Weaknesses:
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-203: Observable Discrepancy