Vulnerability classification
Risk: Medium (scale: Very high / High / Medium / Low / Not rated)
Impact:
• Confidentiality
Attacker Profile:
• Attack expertise: Expert
• Attack requirements: Remote (no account) over a standard service
________________________________________
System Information
Affected Platform(s):
• Linux/Unix systems
Affected Software:
• FreeRADIUS versions prior to 3.0.20
Remarks:
• All Linux/Unix distributions running FreeRADIUS are potentially impacted by this problem. The present advisory will be updated when patches are released for these distributions.
________________________________________
Description
Publication context:
This vulnerability had the FA-2019.0306 reference in the Cert-IST list of Flaws under investigation.
Problem description:
A vulnerability has been discovered in FreeRADIUS. It allows an attacker to disclose potentially sensitive information.
Technical context:
RADIUS is a protocol that implements access control and strong authentication for access to remote systems. RADIUS has many implementations, among them "FreeRADIUS" on Linux/Unix.
Technical information:
This vulnerability is due to a flaw in the implementation of EAP-pwd: the server aborts the exchange when more than 10 iterations are needed. By initiating several EAP-pwd handshakes, an attacker can leak information which can then be used to recover the targeted user's WiFi password through dictionary and brute-force attacks.
________________________________________
Solution
01 - Apply the Linux Fedora patches regarding the FreeRADIUS vulnerability
Linux Fedora released patches for:
o Linux Fedora 31
o Linux Fedora 30
Refer to the Linux Fedora advisories listed in the "Additional Resources" section to get the details about these fixes.
• Use "Dnf" to update Fedora
o https://fedoraproject.org/wiki/Dnf
________________________________________
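As an added check that is not part of the Cert-IST advisory or of the FreeRADIUS project: the script below decides whether a FreeRADIUS build falls in the affected range ("versions prior to 3.0.20") by parsing the version banner. It assumes the banner has the form `radiusd: FreeRADIUS Version X.Y.Z, ...` as printed by `radiusd -v`, and the sample banners embedded in it are constructed for the example. It generalizes the single version boundary in the advisory into a numeric comparison that also handles two-part or four-part version strings.

```python
"""
Assess whether a FreeRADIUS build is in the affected range of this advisory
(affected: versions prior to 3.0.20), from the banner that `radiusd -v` prints.
Sample banners below are constructed for this example; on a real host feed
the actual `radiusd -v` output to assess().
"""
import re
from typing import Optional, Tuple

# From the advisory: the first upstream release outside the affected range.
FIXED_VERSION: Tuple[int, ...] = (3, 0, 20)

# Assumed banner shape: "radiusd: FreeRADIUS Version 3.0.19, for host ..., built on ...".
# A packaging suffix such as "3.0.19-1" is not matched, so only the upstream
# version is compared.
_VERSION_RE = re.compile(r"FreeRADIUS\s+Version\s+(\d+(?:\.\d+)+)", re.IGNORECASE)


def parse_version(banner: str) -> Optional[Tuple[int, ...]]:
    """Extract the upstream version tuple from a radiusd -v banner; None if absent."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(version: Tuple[int, ...]) -> bool:
    """True when the version is strictly lower than the first fixed release."""
    # Pad both tuples to the same length so that (3, 0) compares like (3, 0, 0).
    width = max(len(version), len(FIXED_VERSION))
    padded = version + (0,) * (width - len(version))
    fixed = FIXED_VERSION + (0,) * (width - len(FIXED_VERSION))
    return padded < fixed


def assess(banner: str) -> str:
    """Return 'affected', 'not affected' or 'unknown' for a radiusd -v banner."""
    version = parse_version(banner)
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "not affected"


if __name__ == "__main__":
    # Constructed sample banners (not real output from any host).
    samples = [
        "radiusd: FreeRADIUS Version 3.0.19, for host x86_64-redhat-linux-gnu, built on ...",
        "radiusd: FreeRADIUS Version 3.0.20, for host x86_64-pc-linux-gnu, built on ...",
        "something that is not a radiusd banner",
    ]
    for sample in samples:
        print(f"{assess(sample):<13} <- {sample[:48]}")
```

Two caveats when using this on a fleet: distribution packages may ship the fix under an unchanged upstream version number (check the package changelog alongside the banner), and the finding is only relevant on servers where EAP-pwd is actually enabled in the eap module configuration.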