CVE-2019-13456

Public on 2019-12-03
Modified on 2020-10-22
Description
An information leak was discovered in the implementation of EAP-pwd in freeradius. An attacker could initiate several EAP-pwd handshakes to leak information, which can then be used to recover the user's WiFi password by performing dictionary and brute-force attacks.
Severity
Medium severity
Medium
CVSS v3 Base Score
5.3
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core freeradius 2020-10-22 ALAS2-2020-1515 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.3 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD CVSSv2 2.9 AV:A/AC:M/Au:N/C:P/I:N/A:N
NVD CVSSv3 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N