
CVE-2024-3596

CVSSv4: NA | CVSSv3: 9 | CVSSv2: NA | VMScore: 1000 | EPSS: 0.00159 | KEV: Not Included
Published: 09/07/2024 Updated: 30/12/2024

Vulnerability Summary

Local Response Forgery in RADIUS Protocol via MD5 Collision Attack

RADIUS Protocol under RFC 2865 has a vulnerability. A local attacker can forge responses. They can change any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to another response. This is done using a chosen-prefix collision attack on the MD5 Response Authenticator signature.

Vulnerable Product

freeradius freeradius

broadcom brocade sannav -

broadcom fabric operating system -

sonicwall sonicos -

Vendor Advisories

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature (CVE-2024-3596) ...
On July 7, 2024, security researchers disclosed the following vulnerability in the RADIUS protocol: CVE-2024-3596: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by an on-path attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack ...
CVE-2024-3596 PAN-OS: CHAP and PAP When Used with RADIUS Authentication Lead to Privilege Escalation ...

Mailing Lists

kb.cert.org/vuls/id/456537 discloses the new Blast-RADIUS attack:
blog.cloudflare.com/radius-udp-vulnerable-md5-attack/ provides additional detail, including:
www.blastradius.fail/ has further details from the researchers
www.freeradius.org/security/ provides a lengthy response from the FreeRADIUS maintainers ...

Github Repositories

RADIUS Vulnerability Detector: This script detects the CVE-2024-3596 vulnerability in RADIUS/UDP traffic by checking for MD5 collisions. It captures RADIUS Access-Request packets and attempts to generate MD5 collisions to determine if the system is vulnerable. Requirements: Python 3.x, scapy library, pyrad library. Installation: Ensure you have Python 3 installed. You can check y

Recent Articles

New Blast-RADIUS attack bypasses widely-used RADIUS authentication
BleepingComputer • Sergiu Gatlan • 09 Jul 2024

Blast-RADIUS, an authentication bypass in the widely used RADIUS/UDP protocol, enables threat actors to breach networks and devices in man-in-the-middle MD5 collision attacks. Many networked devices (including switches, routers, and other routing infrastructure) on enterprise and telecommunication networks use the authentication and authorization RADIUS (Remote Authentication Dial-In User ...

Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days
BleepingComputer • Lawrence Abrams • 09 Jul 2024

Today is Microsoft's July 2024 Patch Tuesday, which includes security updates for 142 flaws, including two actively exploited and two publicly disclosed zero-days. This Patch Tuesday fixed five critical vulnerabilities, with all being remote code execution flaws. The number of bugs in each vulnerability...

RADIUS networking protocol blasted into submission through MD5-based flaw
The Register

If someone can do a little MITM'ing and hash cracking, they can log in with no valid password needed

Cybersecurity experts at universities and Big Tech have disclosed a vulnerability in a common client-server networking protocol that allows snoops to potentially bypass user authentication via man-in-the-middle (MITM) attacks. If the vulnerability, rated 7.5 out of 10 on the CVSS severity scale and tracked as CVE-2024-3596, is exploited – and it's not that easy to pull off – attackers could theoretically gain access to network devices and services without needing to obtain any credentials. It doe...