FreeRADIUS EAP-MSCHAPv2 Authentication Bypass Vulnerability

info
discussion
exploit
solution
references

FreeRADIUS EAP-MSCHAPv2 Authentication Bypass Vulnerability

FreeRADIUS is prone to an authentication-bypass vulnerability. The issue exists in the EAP-MSCHAPv2 state machine. Bypassing authentication could also cause the server to crash.

FreeRADIUS versions from 1.0.0 to 1.1.0 are vulnerable.