Security issues with EAP-PWD

Arran Cudbard-Bell a.cudbardb at
Mon May 4 19:59:04 CEST 2015

> On May 4, 2015, at 1:50 PM, Stefan Winter <stefan.winter at> wrote:
> Hi,
>> The EAP-PWD module performed insufficient validation on packets received from an EAP peer. This module is not enabled in the default configuration. Administrators must manually enable it for their server to be vulnerable. Only versions 3.0 up to 3.0.8 are affected.
> I.e. Git 3.0.x is fixed?

Yeah, Alan pushed the fixes today.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Users mailing list