Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11881
HistoryMar 21, 2006 - 12:00 a.m.

Vulnerability Notifications

2006-03-2100:00:00
vulners.com
12

2006.03.20 v1.0.5, and v1.1.0 - A validation issue exists with the EAP-MSCHAPv2 module in all versions from 1.0.0 (where the module first appeared) to 1.1.0. Insufficient input validation was being done in the EAP-MSCHAPv2 state machine. A malicious attacker could manipulate their EAP-MSCHAPv2 client state machine to potentially convince the server to bypass authentication checks. This bypassing could also result in the server crashing. We recommend that administrators upgrade immediately.