cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
Max CVSS
9.8
EPSS Score
0.49%
Published
2019-04-22
Updated
2019-05-13
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.
Max CVSS
9.8
EPSS Score
0.70%
Published
2017-05-29
Updated
2018-01-05
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!