FreeRADIUS allows hackers to log in without credentials

The security researcher Stefan Winter has discovered a TLS resumption authentication bypass in FreeRADIUS, the worlds most popular RADIUS Server. The flaw, tracked as CVE-2017-9148, resides in the TTLS and PEAP implementations that skip inner authentication when handles a resumed TLS connection. The server must never allow resumption of a TLS session until its initial connection gets to the point where inner authentication has been finished successfully. All versions affected by the flaw need to upgrade to the version 3.0.14 that fixed the issue.”]

Source: https://securityaffairs.co/wordpress/59553/hacking/freeradius-tls-resumption-authentication-bypass.html

Something Fresh

What to Know About The Jamaica Data Protection Act

St Vincent and the Grenadines embracing CariSECURE

Jamaica's Gov’t Looking to Finalize Data Protection Act Regulations

What People Reading

Feedback and data-driven updates to Googles disclosure policy

Launching AnonLeaks, Ready To Dump More HBGary E-mails!

RSA: Geolocation shows just how dead privacy is

Mozilla Says Google's New Ad Tech - FLoC - Doesn't Protect User Privacy

Intel Confirms Unauthorized Access of Earnings-Related Data

Categories

Partners

Just add here your partners image or promo text