CVE-2017-9148
Published: May 29, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| http://freeradius.org/security.html | x_refsource_MISC |
| http://seclists.org/oss-sec/2017/q2/422 | x_refsource_MISC |
| RHSA-2017:1581 | vendor-advisory, x_refsource_REDHAT |
| 1038576 | vdb-entry, x_refsource_SECTRACK |
| 98734 | vdb-entry, x_refsource_BID |
| GLSA-201706-27 | vendor-advisory, x_refsource_GENTOO |