CVE-2024-3596
July 9, 2024, 10:15 p.m.
Tags
Product(s) Impacted
RADIUS Protocol
Description
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
Weaknesses
Date
Published: July 9, 2024, 12:15 p.m.
Last Modified: July 9, 2024, 10:15 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cret@cert.org
References
http://www.openwall.com/
cret@cert.org
https://datatracker.ietf.org/
cret@cert.org
https://datatracker.ietf.org/
cret@cert.org
https://networkradius.com/
cret@cert.org
https://www.blastradius.fail/
cret@cert.org