Products
RADIUS Protocol
Source
cret@cert.org
Tags
CVE-2024-3596 details
Published : July 9, 2024, 12:15 p.m.
Last Modified : July 9, 2024, 10:15 p.m.
Last Modified : July 9, 2024, 10:15 p.m.
Description
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| http://www.openwall.com/lists/oss-security/2024/07/09/4 | cret@cert.org |
| https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ | cret@cert.org |
| https://datatracker.ietf.org/doc/html/rfc2865 | cret@cert.org |
| https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf | cret@cert.org |
| https://www.blastradius.fail/ | cret@cert.org |
This website uses the NVD API, but is not approved or certified by it.