Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
FreeRADIUS 身份验证绕过漏洞
Vulnerability Description
FreeRadius是FreeRADIUS Server项目的一套实现了RADIUS协议的软件。该软件主要用于账户认证管理、记账管理和上网账户管理等,并包含有一个Radius服务器、一个BSD协议授权的客户端库、一个PAM库和一个Apache模块。 FreeRADIUS 2.2.0之前版本中的modules/rlm_unix/rlm_unix.c中存在漏洞,当用户身份验证启用unix模式时,程序没有正确校验/etc/shadow密码的有效期。远程认证攻击者可使用过期的密码通过认证。
CVSS Information
N/A
Vulnerability Type
N/A