CVSS2

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | MEDIUM |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | NONE |
| Vector string | AV:N/AC:M/Au:N/C:P/I:P/A:N |

EPSS

| Metric | Value |
|---|---|
| Percentile | 80.6% |
The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is
enabled, does not properly parse replies from OCSP responders, which allows
remote attackers to bypass authentication by using the EAP-TLS protocol
with a revoked X.509 client certificate.
| Author | Note |
|---|---|
| mdeslaur | OCSP support was added in 2.1.11 |