Vulnerability Details : CVE-2019-13456
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.
Products affected by CVE-2019-13456
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-13456
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 51 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-13456
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.9
|
LOW | AV:A/AC:M/Au:N/C:P/I:N/A:N |
5.5
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2019-13456
-
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-13456
-
https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa
EAP-pwd: fix side-channel leak where 1 in 2018 handshakes fail · FreeRADIUS/freeradius-server@3ea2a5a · GitHubPatch;Third Party Advisory
-
https://freeradius.org/security/
ReleasesVendor Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1737663
1737663 – (CVE-2019-13456) CVE-2019-13456 freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterationsExploit;Issue Tracking;Patch;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html
[security-announce] openSUSE-SU-2020:0553-1: moderate: Security update fMailing List;Third Party Advisory
-
https://wpa3.mathyvanhoef.com
Dragonblood: Analysing WPA3's Dragonfly HandshakeExploit;Third Party Advisory
Jump to