CVE-2011-2701 in FreeRADIUSinfo

Summary

The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

07/11/2011

Disclosure

08/03/2011

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
58191	FreeRADIUS rlm_eap_tls.c ocsp_check improper authentication	287	Not defined	Not defined	CVE-2011-2701

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!