FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

freeradius3 -- insufficient validation on packets

Affected packages
freeradius3 < 3.0.8


VuXML ID 0c2c4d84-42a2-11e5-9daa-14dae9d210b8
Discovery 2015-04-04
Entry 2015-08-14

Jouni Malinen reports:

The EAP-PWD module performed insufficient validation on packets received from an EAP peer. This module is not enabled in the default configuration. Administrators must manually enable it for their server to be vulnerable. Only versions 3.0 up to 3.0.8 are affected.