The default configuration of the FreeRADIUS server in Apple Mac OS X Server prior to 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote malicious users to obtain network connectivity via a crafted RADIUS Access Request message.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apple mac os x 10.6.1 |
||
apple mac os x 10.6.2 |
||
apple mac os x 10.6.0 |
||
apple mac os x server 10.6.0 |
||
apple mac os x server 10.6.1 |
||
apple mac os x server 10.6.2 |
Vulmon