Password Expiration Bypass Vulnerability in FreeRADIUS

Password Expiration Bypass Vulnerability in FreeRADIUS

CVE-2011-4966 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.

Learn more about our User Device Pen Test.