FreeRADIUS: Authentication bypass in EAP-MSCHAPv2 module

The EAP-MSCHAPv2 module of FreeRADIUS is affected by a validation issue which causes some authentication checks to be bypassed.

freeradius 2006-04-04 2006-04-04 127229 remote 1.1.1 1.0.0 1.1.1

FreeRADIUS is an open source RADIUS authentication server implementation.

FreeRADIUS suffers from insufficient input validation in the EAP-MSCHAPv2 state machine.

An attacker could cause the server to bypass authentication checks by manipulating the EAP-MSCHAPv2 client state machine.
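
An added illustration, not FreeRADIUS code and not part of the advisory: a server-side EAP-MSCHAPv2 session handler that rejects any client message whose opcode is not valid for the current state, which is the kind of state validation described above as insufficient. The state and action names and the `verify_ok` flag (standing in for the real check of the client's Response) are assumptions made for this example; the opcode numbers are those of the EAP-MSCHAPv2 protocol.

```c
#include <stdbool.h>
#include <stdint.h>

/* EAP-MSCHAPv2 opcodes as defined by the protocol. */
enum { OP_CHALLENGE = 1, OP_RESPONSE = 2, OP_SUCCESS = 3, OP_FAILURE = 4 };

/* Hypothetical server-side states and actions for this example. */
typedef enum { ST_CHALLENGE_SENT, ST_SUCCESS_SENT, ST_FAILURE_SENT,
               ST_DONE, ST_REJECTED } mschap_state;
typedef enum { ACT_SEND_SUCCESS, ACT_SEND_FAILURE, ACT_ACCEPT, ACT_REJECT } mschap_action;

typedef struct {
    mschap_state state;
    bool response_verified; /* set only after the Response was checked */
} mschap_session;

void mschap_session_init(mschap_session *s)
{
    s->state = ST_CHALLENGE_SENT;
    s->response_verified = false;
}

/* Handle one client message. verify_ok is the result of checking the client's
 * Response (assumed computed elsewhere); ignored unless opcode is OP_RESPONSE. */
mschap_action mschap_handle(mschap_session *s, uint8_t opcode, bool verify_ok)
{
    switch (s->state) {
    case ST_CHALLENGE_SENT:
        if (opcode != OP_RESPONSE) break;
        s->response_verified = verify_ok;
        s->state = verify_ok ? ST_SUCCESS_SENT : ST_FAILURE_SENT;
        return verify_ok ? ACT_SEND_SUCCESS : ACT_SEND_FAILURE;
    case ST_SUCCESS_SENT:
        /* Accept only an acknowledgement of a Success we actually sent. */
        if (opcode != OP_SUCCESS || !s->response_verified) break;
        s->state = ST_DONE;
        return ACT_ACCEPT;
    default: break; /* failure sent, finished or already rejected */
    }
    s->state = ST_REJECTED; /* terminal: no later message can recover */
    return ACT_REJECT;
}

int main(void)
{
    mschap_session s;
    mschap_session_init(&s);
    return mschap_handle(&s, OP_SUCCESS, false) == ACT_REJECT ? 0 : 1;
}
```

The point of the design is that acceptance is reachable only through a verified Response, and that any out-of-state message moves the session to a terminal rejected state.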

There is no known workaround at this time.

All FreeRADIUS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dialup/freeradius-1.1.1"

CVE-2006-1354
FreeRADIUS Vulnerability Notifications

koon koon vorlon078