FreeBSD : freeradius -- EAP-MSCHAPv2 Authentication Bypass (37a5c10f-bf56-11da-b0e9-00123ffe8333)
Severity: High
Nessus Plugin ID: 21412
Synopsis: The remote FreeBSD host is missing a security-related update.
Description: Freeradius Security Contact reports:
Insufficient input validation was being done in the EAP-MSCHAPv2 state machine. A malicious attacker could manipulate their EAP-MSCHAPv2 client state machine to potentially convince the server to bypass authentication checks. This bypassing could also result in the server crashing.
Solution: Update the affected package.