CESA-2017:1581 -- centos 7 freeradius
ID: oval:org.secpod.oval:def:204534 | Date: (C)2017-07-04 (M)2022-10-10 |
Class: PATCH | Family: unix |
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network.

Security Fix:

* An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handled TLS session resumption. A remote unauthenticated attacker could potentially use this flaw to bypass the inner authentication check in FreeRADIUS by resuming an older unauthenticated TLS session.