freeradius denial of service in authentication flow

Florian Weimer fw at
Sat Feb 15 20:46:42 UTC 2014

* Alan DeKok:

>   That's an issue, but a rare one IMHO.  The user has to exist on the
> system.  So this isn't a remote DoS.

Could you elaborate on this assessment?  Is this because typical data
sources for SSHA passwords limit the length of the salt and thus the
length of the SSHA hash?

(Debian security team)

More information about the freebsd-bugbusters mailing list