CVE-2024-3596

Отчет

This vulnerability is of Important severity due to its ability to undermine the fundamental security mechanisms of RADIUS-based authentication systems. By exploiting the weak MD5 integrity check, an attacker can forge RADIUS responses, effectively bypassing authentication controls and gaining unauthorized access to network resources. This poses a significant threat to environments relying on RADIUS for user and device authentication, particularly those lacking enforced Message-Authenticator attributes or TLS/DTLS encryption. There are several preconditions for this attack to be possible:

• An attacker needs man-in-the-middle network access between the RADIUS client and server
• The client and server must be using RADIUS/UDP to communicate
• The attacker needs to be able to trigger a RADIUS client Access-Request ( for example the client is using PAP authentication) Due to these attack surface limitations, the impact is rated Important. Within Red Hat offerings, this impacts the FreeRADIUS package. This flaw allows a local, unauthenticated attacker to conduct a man-in-the-middle attack to log in as a third party without knowing their credentials. Servers using Extensible Authentication Protocol (EAP) with required Message-Authenticator attributes or those employing TLS/DTLS encryption are not affected.

Меры по смягчению последствий

Disable the use of RADIUS/UDP and RADIUS/TCP. RADIUS/TLS or RADIUS/DTLS should be used.