Vulnerability: Insecure Session Resumption in FreeRADIUS

Vulnerability: Insecure Session Resumption in FreeRADIUS

CVE-2017-9148 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.

Learn more about our Web Application Penetration Testing UK.