This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
The freeradius development team reports :
A validation issue exists with the EAP-MSCHAPv2 module in all versions
from 1.0.0 (where the module first appeared) to 1.1.0. Insufficient
input validation was being done in the EAP-MSCHAPv2 state machine. A
malicious attacker could manipulate their EAP-MSCHAPv2 client state
machine to potentially convince the server to bypass authentication
checks. This bypassing could also result in the server crashing
See also :
Update the affected package.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5
Public Exploit Available : false