ID CVE-2019-13456
Summary In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.
References
Vulnerable Configurations
  • cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.0:beta0:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.4:-:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.4:rc0:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.4:rc2:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.7:-:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.7:rc0:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.19:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
CVSS
Base: 2.9 (as of 01-01-2022 - 20:06)
Impact:
Exploitability:
CWE CWE-203
CAPEC
Access
  Vector: ADJACENT_NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: NONE
  Availability: NONE
cvss-vector via4 AV:A/AC:M/Au:N/C:P/I:N/A:N
redhat via4
advisories
bugzilla
id 1737663
title CVE-2019-13456 freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterations
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • comment Module freeradius:3.0 is enabled
      oval oval:com.redhat.rhsa:tst:20191142027
    • OR
      • AND
        • comment freeradius is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          oval oval:com.redhat.rhsa:tst:20201672001
        • comment freeradius is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881002
      • AND
        • comment freeradius-debugsource is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          oval oval:com.redhat.rhsa:tst:20201672003
        • comment freeradius-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20191142004
      • AND
        • comment freeradius-devel is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          oval oval:com.redhat.rhsa:tst:20201672005
        • comment freeradius-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171581004
      • AND
        • comment freeradius-doc is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          oval oval:com.redhat.rhsa:tst:20201672007
        • comment freeradius-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171581006
      • AND
        • comment freeradius-krb5 is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          oval oval:com.redhat.rhsa:tst:20201672009
        • comment freeradius-krb5 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881004
      • AND
        • comment freeradius-ldap is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          oval oval:com.redhat.rhsa:tst:20201672011
        • comment freeradius-ldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881006
      • AND
        • comment freeradius-mysql is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          oval oval:com.redhat.rhsa:tst:20201672013
        • comment freeradius-mysql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881008
      • AND
        • comment freeradius-perl is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          oval oval:com.redhat.rhsa:tst:20201672015
        • comment freeradius-perl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881010
      • AND
        • comment freeradius-postgresql is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          oval oval:com.redhat.rhsa:tst:20201672017
        • comment freeradius-postgresql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881012
      • AND
        • comment freeradius-rest is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          oval oval:com.redhat.rhsa:tst:20201672019
        • comment freeradius-rest is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20191142020
      • AND
        • comment freeradius-sqlite is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          oval oval:com.redhat.rhsa:tst:20201672021
        • comment freeradius-sqlite is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171581020
      • AND
        • comment freeradius-unixODBC is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          oval oval:com.redhat.rhsa:tst:20201672023
        • comment freeradius-unixODBC is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881016
      • AND
        • comment freeradius-utils is earlier than 0:3.0.17-7.module+el8.2.0+4847+336970e8
          oval oval:com.redhat.rhsa:tst:20201672025
        • comment freeradius-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881018
rhsa
id RHSA-2020:1672
released 2020-04-28
severity Moderate
title RHSA-2020:1672: freeradius:3.0 security update (Moderate)
rpms
  • freeradius-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-debuginfo-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-debugsource-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-devel-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-doc-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-krb5-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-krb5-debuginfo-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-ldap-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-ldap-debuginfo-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-mysql-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-mysql-debuginfo-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-perl-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-perl-debuginfo-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-postgresql-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-postgresql-debuginfo-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-rest-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-rest-debuginfo-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-sqlite-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-sqlite-debuginfo-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-unixODBC-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-unixODBC-debuginfo-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-utils-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-utils-debuginfo-0:3.0.17-7.module+el8.2.0+4847+336970e8
  • freeradius-0:3.0.13-15.el7
  • freeradius-debuginfo-0:3.0.13-15.el7
  • freeradius-devel-0:3.0.13-15.el7
  • freeradius-doc-0:3.0.13-15.el7
  • freeradius-krb5-0:3.0.13-15.el7
  • freeradius-ldap-0:3.0.13-15.el7
  • freeradius-mysql-0:3.0.13-15.el7
  • freeradius-perl-0:3.0.13-15.el7
  • freeradius-postgresql-0:3.0.13-15.el7
  • freeradius-python-0:3.0.13-15.el7
  • freeradius-sqlite-0:3.0.13-15.el7
  • freeradius-unixODBC-0:3.0.13-15.el7
  • freeradius-utils-0:3.0.13-15.el7
refmap via4
confirm https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa
misc
suse openSUSE-SU-2020:0553
Last major update 01-01-2022 - 20:06
Published 03-12-2019 - 20:15
Last modified 01-01-2022 - 20:06