High Nessus Plugin ID 21163
SynopsisThe remote host is missing a vendor-supplied security patch
DescriptionThe remote host is missing the patch for the advisory SUSE-SA:2006:019 (freeradius).
Insufficient input validation was being done in the EAP-MSCHAPv2 state machine of the FreeRADIUS authentication server.
A malicious attacker could manipulate their EAP-MSCHAPv2 client state machine to potentially convince the server to bypass authentication checks. This bypassing could also result in the server crashing.
This is tracked by the Mitre CVE ID CVE-2006-1354.