FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

freeradius -- authentication bypass vulnerability

Affected packages
1.0.0 < freeradius <= 1.1.0

Details

VuXML ID 1a216dfd-f710-11da-9156-000e0c2e438a
Discovery 2006-06-03
Entry 2006-06-08

The freeradius development team reports:

A validation issue exists with the EAP-MSCHAPv2 module in all versions from 1.0.0 (where the module first appeared) to 1.1.0. Insufficient input validation was being done in the EAP-MSCHAPv2 state machine. A malicious attacker could manipulate their EAP-MSCHAPv2 client state machine to potentially convince the server to bypass authentication checks. This bypassing could also result in the server crashing.

References

Bugtraq ID 17293
CVE Name CVE-2006-1354