28 Jan
2013
28 Jan
'13
15:25
This CVE has been issued and a patch is available from Suse. But there's no more information.
Do you have any data to share about FreeRADIUS security?
Alan DeKok.
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-security+owner@opensuse.org
28 Jan
28 Jan
15:34
On Mon, Jan 28, 2013 at 10:25:49AM -0500, Alan DeKok wrote:
This CVE has been issued and a patch is available from Suse. But there's no more information.
Do you have any data to share about FreeRADIUS security?
Sorry that our text was not informative here.
https://bugzilla.novell.com/show_bug.cgi?id=797313
First comment specifies the vulnerability: " When FreeRADIUS is configured to use the 'unix' module and shadow passwords, the password expiration field is ignored. This could allow a user with an expired password to authenticate against FreeRADIUS. "
Ciao, Marcus
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-security+owner@opensuse.org
3480
days inactive
3480
days old
1 comments
participants
participants (2)
-
Alan DeKok -
Marcus Meissner