FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

freeradius -- EAP-MSCHAPv2 Authentication Bypass

Affected packages
1.0.0 <= freeradius < 1.1.1

Details

VuXML ID 37a5c10f-bf56-11da-b0e9-00123ffe8333
Discovery 2006-03-21
Entry 2006-03-29

The FreeRADIUS Security Contact reports:

Insufficient input validation was being done in the EAP-MSCHAPv2 state machine. A malicious attacker could manipulate their EAP-MSCHAPv2 client state machine to potentially convince the server to bypass authentication checks. This bypassing could also result in the server crashing.

References

CVE Name CVE-2006-1354
URL http://secunia.com/advisories/19300/
URL http://www.freeradius.org/security.html#1.1.0