Improper Verification of Cryptographic Signature Affecting org.openidentityplatform.openam:openam-radius-common package, versions [,16.1.1)


Severity

Recommended
0.0
high
0
10

CVSS assessment by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-JAVA-ORGOPENIDENTITYPLATFORMOPENAM-17675313
  • published29 Jun 2026
  • disclosed25 Jun 2026
  • creditUnknown

Introduced: 25 Jun 2026

NewCVE-2026-46560  (opens in a new tab)
CWE-347  (opens in a new tab)

How to fix?

Upgrade org.openidentityplatform.openam:openam-radius-common to version 16.1.1 or higher.

Overview

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the RADIUS authentication process. An attacker can gain unauthorized access by sending a spoofed Access-Accept response to the client, which fails to verify the response authenticator, source IP/port, and response identifier. This allows impersonation of any user mapped to RADIUS without knowledge of the shared secret.

CVSS Base Scores

version 4.0
version 3.1