Vulnerabilities

CVE-2011-2701

by Fred · 03/08/2011

The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.

Date published : 2011-08-03

http://www.securityfocus.com/bid/48880

http://www.securityfocus.com/archive/1/518974/100/0/threaded

Similar

Tags: Cybersecurity Alert