CVE-2019-13456

Published: Dec 3, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.

Affected (4)

Products: Freeradius: Freeradius · Redhat: Enterprise Linux · Opensuse: Leap

1 product

1 product

Enterprise Linux

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Freeradius Freeradius	From 3.0.0 to 3.0.19

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1

Related CWEs

Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References (10)

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1737663

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party Advisory

https://freeradius.org/security/

Source: cve@mitre.org

Vendor Advisory

https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa

Source: cve@mitre.org

PatchThird Party Advisory

https://wpa3.mathyvanhoef.com

Source: cve@mitre.org

ExploitThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1737663

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

https://freeradius.org/security/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://wpa3.mathyvanhoef.com

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.