CVE-2019-13456Observable Discrepancy in Freeradius

CWE-203Observable DiscrepancyCWE-200Sensitive Information Exposure9 documents8 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 51.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
FreeradiusOpensuse LeapRedhat Enterprise Linux
Timeline
PublishedDec 3
Latest updateMay 24

Description

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

Debianfreeradius/freeradius< 3.0.20+dfsg-1+3
NVDfreeradius/freeradius3.0.03.0.19
NVDopensuse/leap15.1

Also affects: Enterprise Linux 7.0, 8.0

Patches

Patch: bugzilla.redhat.comPatch: github.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-qwvf-9vg7-643x: In FreeRADIUS 32022-05-24
OSV
CVE-2019-13456: In FreeRADIUS 32019-12-03
CVEList
CVE-2019-13456: In FreeRADIUS 32019-12-03

📋Vendor Advisories

2
Red Hat
freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterations2019-08-03
Debian
CVE-2019-13456: freeradius - In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes ...2019

💬Community

3
HackerOne
Dragonblood: Design and Implementation Flaws in WPA3 and EAP-pwd2020-05-05
Bugzilla
CVE-2019-13456 freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterations [fedora-all]2019-08-06
Bugzilla
CVE-2019-13456 freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterations2019-08-06