{"id":"CVE-2019-13456","details":"In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the \"Dragonblood\" attack and CVE-2019-9494.","modified":"2026-04-16T04:32:31.625916389Z","published":"2019-12-03T20:15:11.013Z","related":["SUSE-SU-2020:1018-1","SUSE-SU-2020:1020-1","SUSE-SU-2020:1023-1","SUSE-SU-2020:2391-1","openSUSE-SU-2020:0553-1","openSUSE-SU-2024:10767-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"},{"type":"ADVISORY","url":"https://freeradius.org/security/"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1737663"},{"type":"FIX","url":"https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa"},{"type":"EVIDENCE","url":"https://wpa3.mathyvanhoef.com"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freeradius/freeradius-server","events":[{"introduced":"580424ea12feeb5933f1aaac33fd5f9e2fa2ee60"},{"last_affected":"ab4c767099f263a7cd4109bcdca80ee74210a769"},{"fixed":"3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa"}],"database_specific":{"versions":[{"introduced":"3.0.0"},{"last_affected":"3.0.19"}]}}],"versions":["release_3.0.8","release_3_0_0","release_3_0_1","release_3_0_10","release_3_0_11","release_3_0_12","release_3_0_13","release_3_0_14","release_3_0_15","release_3_0_16","release_3_0_17","release_3_0_18","release_3_0_19","release_3_0_2","release_3_0_3","release_3_0_4_rc0","release_3_0_4_rc1","release_3_0_4_rc2","release_3_0_5","release_3_0_6","release_3_0_7","release_3_0_8","release_3_0_9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13456.json","vanir_signatures_modified":"2026-04-11T08:05:39Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]}],"vanir_signatures":[{"id":"CVE-2019-13456-00236a95","target":{"file":"src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c"},"source":"https://github.com/freeradius/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa","deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["89935798525438566466430162199253829452","81647710231959316056227725849772260406","152415234295948334304432021215881623866","308429609400966599289844350125081267785"]}},{"id":"CVE-2019-13456-dd1c8dac","target":{"file":"src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c","function":"compute_password_element"},"deprecated":false,"signature_type":"Function","source":"https://github.com/freeradius/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa","signature_version":"v1","digest":{"length":3466,"function_hash":"122431488409810273570799720099759230333"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}