Vigil@nce - FreeRADIUS: bypass of TLS based flow protection
July 2017 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can make FreeRADIUS restore a TLS session before the
authentication process completes, in order to tamper with the
EAP-based authentication.
Impacted products: Debian, Fedora, FreeRADIUS, openSUSE Leap,
RHEL, Ubuntu, WindRiver Linux.
Severity: 2/4.
Creation date: 29/05/2017.
DESCRIPTION OF THE VULNERABILITY
An attacker can make FreeRADIUS restore a TLS session before the
authentication process completes, in order to tamper with the
EAP-based authentication.
Technical details are unknown.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/FreeRADIUS-bypass-of-TLS-based-flow-protection-22840