The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request message.
2010-03-30T18:30:01.280
2025-04-11T00:51:21.963
Deferred
CVSSv2: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Operating System | apple | mac_os_x | 10.6.0 | Yes |
Operating System | apple | mac_os_x | 10.6.1 | Yes |
Operating System | apple | mac_os_x | 10.6.2 | Yes |
Operating System | apple | mac_os_x_server | 10.6.0 | Yes |
Operating System | apple | mac_os_x_server | 10.6.1 | Yes |
Operating System | apple | mac_os_x_server | 10.6.2 | Yes |