REDHAT-BUG-1737663: Medium severity freeradius vulnerability

Published Aug 6, 2019
·
Updated

A flaw was found in the implementation of EAP-pwd in FreeRADIUS. An attacker could initiate several EAP-pwd handshakes to leak information, which can then be used to recover the user's WiFi password by performing dictionary and brute-force attacks.

References:

https://wpa3.mathyvanhoef.com/#new

Affected Software

1 affected component
FreeRADIUS freeradius

Event History

Aug 6, 2019
Data Sourced
via Red Hat·01:38 AM
DescriptionSeverityAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of REDHAT-BUG-1737663?

The severity of REDHAT-BUG-1737663 is considered significant due to the potential for leakage of sensitive user information.

2

How do I fix REDHAT-BUG-1737663?

To fix REDHAT-BUG-1737663, ensure that you update to the latest version of FreeRADIUS that includes security patches addressing this vulnerability.

3

What causes REDHAT-BUG-1737663?

REDHAT-BUG-1737663 is caused by a flaw in the implementation of EAP-pwd in the FreeRADIUS software, allowing attackers to initiate multiple handshakes.

4

Who is affected by REDHAT-BUG-1737663?

Users of FreeRADIUS who utilize EAP-pwd for authentication may be affected by REDHAT-BUG-1737663.

5

What are the potential consequences of REDHAT-BUG-1737663?

The potential consequences of REDHAT-BUG-1737663 include unauthorized recovery of WiFi passwords through information leakage and subsequent brute-force attacks.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203
REDHAT-BUG-1737663 - Medium severity freeradius vulnerability - SecAlerts