CVE-2022-41859

Name
CVE-2022-41859
Description
In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f
MISC https://freeradius.org/security/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:* freeradius >= None < 3.0.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
freeradius 3.16-main 3.0.26-r0 Leonardo Arena <rnalrd@alpinelinux.org> fixed
freeradius 3.15-main 3.0.26-r0 Leonardo Arena <rnalrd@alpinelinux.org> fixed