Authentication Bypass by Spoofing Affecting freebsd package, versions [0,]
Snyk ID SNYK-UNMANAGED-FREEBSD-7443584
- published 11 Jul 2024
- disclosed 9 Jul 2024
- credit Mike Milano, Sharon Goldberg, Nadia Heninger, Dan Shumow, Marc Stevens, Miro Haller, Adam Suhl
Introduced: 9 Jul 2024
CVE-2024-3596
How to fix?
There is no fixed version for freebsd.
Overview
Affected versions of this package are vulnerable to Authentication Bypass by Spoofing due to a cryptographically insecure integrity check using MD5 when the Message-Authenticator attribute is not in use. (It is not enforced by default for non-EAP requests.) An attacker can gain unauthorized access by modifying any response to any other response, including an Access-Reject response to an Access-Accept response, using a chosen-prefix attack against the hash value.
Notes:
- While the attacker needs access to the network to which the RADIUS server is connected, the attack can be carried out against any server in the chain of proxies.
- Exploitation of this vulnerability can be avoided by encrypting traffic from the RADIUS server with TLS or by requiring the Message-Authenticator attribute.
- Servers using EAP are not vulnerable to the attack demonstrated, as the Message-Authenticator attribute is enforced. However, the RADIUS packets themselves are still transmitted over UDP without TLS, so a variant of the same attack may be possible.
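The two integrity checks the advisory contrasts, as an added illustration that is not part of the Snyk advisory or of any FreeBSD code: the RFC 2865 Response Authenticator (plain MD5 with the shared secret appended, the check that the chosen-prefix attack defeats) and the RFC 2869 Message-Authenticator (HMAC-MD5 keyed by the secret). The client-side verifier's `require_mac` flag models the mitigation: with it off, a response carrying only the MD5 check is accepted, which is the vulnerable default for non-EAP traffic. Packet values, the shared secret and the Request Authenticator are constructed test data.

```python
import hashlib
import hmac

MESSAGE_AUTHENTICATOR = 80      # attribute type, RFC 2869 section 5.14

def encode_attrs(attrs, zero_mac=False):
    """Serialize (type, value) pairs; optionally blank the Message-Authenticator value."""
    out = b""
    for t, v in attrs:
        if zero_mac and t == MESSAGE_AUTHENTICATOR:
            v = bytes(16)
        out += bytes([t, len(v) + 2]) + v
    return out

def parse_attrs(body):
    """Split the attribute section into (type, value) pairs, rejecting bad lengths."""
    attrs, i = [], 0
    while i < len(body):
        t, l = body[i], (body[i + 1] if i + 1 < len(body) else 0)
        if l < 2 or i + l > len(body):
            raise ValueError("malformed attribute")
        attrs.append((t, body[i + 2:i + l]))
        i += l
    return attrs

def build_response(code, ident, request_auth, attrs, secret, with_mac):
    """Server side: construct a response, with or without Message-Authenticator."""
    if with_mac:
        attrs = attrs + [(MESSAGE_AUTHENTICATOR, bytes(16))]
    header = bytes([code, ident]) + (20 + len(encode_attrs(attrs))).to_bytes(2, "big")
    if with_mac:  # HMAC-MD5 over header, *request* authenticator and zeroed attributes
        mac = hmac.new(secret, header + request_auth + encode_attrs(attrs, True), hashlib.md5).digest()
        attrs[-1] = (MESSAGE_AUTHENTICATOR, mac)
    body = encode_attrs(attrs)
    # RFC 2865 Response Authenticator: MD5 with the secret appended (the weak check)
    return header + hashlib.md5(header + request_auth + body + secret).digest() + body

def verify_response(pkt, request_auth, secret, require_mac=True):
    """Client side: accept only responses that pass the checks the policy requires."""
    header, resp_auth, body = pkt[:4], pkt[4:20], pkt[20:]
    if len(pkt) < 20 or int.from_bytes(header[2:4], "big") != len(pkt):
        return False
    if not hmac.compare_digest(hashlib.md5(header + request_auth + body + secret).digest(), resp_auth):
        return False
    attrs = parse_attrs(body)
    macs = [v for t, v in attrs if t == MESSAGE_AUTHENTICATOR]
    if not macs:
        return not require_mac  # MD5-only integrity is exactly the vulnerable case
    expected_mac = hmac.new(secret, header + request_auth + encode_attrs(attrs, True), hashlib.md5).digest()
    return len(macs) == 1 and hmac.compare_digest(expected_mac, macs[0])
```

RADIUS codes 2 and 3 are Access-Accept and Access-Reject and attribute 18 is Reply-Message (RFC 2865); a verifier configured with `require_mac=True` drops an Accept that lacks the HMAC regardless of whether its MD5 check passes.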