- Fixed a vulnerability that allowed rogue servers with a valid certificate
accepted by the client to trick it into disclosing its username and even
password (if the client accepts EAP-GTC). This was caused because constraints
against the responder's authentication were enforced too late.
This vulnerability has been registered as CVE-2015-4171.
Please refer to our blog for details.