Security issues with EAP-PWD
Alan DeKok
aland at deployingradius.com
Mon May 4 19:58:24 CEST 2015
On May 4, 2015, at 1:50 PM, Stefan Winter <stefan.winter at restena.lu> wrote:
>> The EAP-PWD module performed insufficient validation on packets received from an EAP peer. This module is not enabled in the default configuration. Administrators must manually enable it for their server to be vulnerable. Only versions 3.0 up to 3.0.8 are affected.
>
> I.e. Git 3.0.x is fixed?
Yes. All changes have been pushed back to git.
Alan DeKok.
More information about the Freeradius-Users
mailing list