In association with heise online

25 October 2011, 11:49

PacketFence NAC update closes XSS holes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

PacketFence logo Version 3.0.2 – a maintenance and security update – of the PacketFence open source network access control (NAC) system has been released. According to the Inverse development team, the update addresses two vulnerabilities in the captive portal and administrative interface that could have been exploited by an attacker to conduct cross-site scripting (XSS) attacks. Versions prior to 3.0.2 are affected; all users are advised to update to the new version.

Other changes include the addition of support for Trapeze Wireless controllers, enhancements to wireless deauthentication in bridge mode for certain controllers, validation improvements and translation updates.

Further details about the update, including a full list of changes, can be found in the official release announcement and in the change log. PacketFence 3.0.2 is available to download as source, or RPMs for RHEL6 or CentOS 6 from the project's site; documentation is provided. Licensed under the GPLv2, PacketFence is sponsored and developed by Inverse inc..

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit