CVE-2024-3596

Summary

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

Affected Software

VendorProductVersion RangeStatus
IETFRFC2865affected

Weaknesses

  • CWE-328: Use of Weak Hash
  • CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

Additional References

References