Endpoint Vulnerability

CVE-2019-13456 freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterations

Description

An information leak was discovered in the implementation of EAP-pwd in freeradius. An attacker could initiate several EAP-pwd handshakes to leak information, which can then be used to recover the user's WiFi password by performing dictionary and brute-force attacks.

Affected Products

freeradius

References

CVE-2019-13456