RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
El protocolo RADIUS según RFC 2865 es susceptible a ataques de falsificación por parte de un atacante local que puede modificar cualquier respuesta válida (acceso-aceptación, acceso-rechazo o acceso-desafío) a cualquier otra respuesta utilizando un ataque de colisión de prefijo elegido contra la firma del autenticador de respuesta MD5. .
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | HIGH |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | CHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-354
en
CWE-924
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| freeradius | freeradius | * | <built-in method update of dict object at 0x7d1e643c0bc0> | Application |
| broadcom | brocade_sannav | - | <built-in method update of dict object at 0x7d1ea0faf840> | Application |
| broadcom | fabric_operating_system | - | <built-in method update of dict object at 0x7d1e643c1140> | Operating System |
| sonicwall | sonicos | - | <built-in method update of dict object at 0x7d1e64be59c0> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:broadcom:brocade_sannav:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:sonicwall:sonicos:-:*:*:*:*:*:*:* |