myhack58 | Anonymous | MYHACK58:62201786912
History: Jun 11, 2017 - 12:00 a.m.

Attackers can log in to FreeRADIUS without any credentials - Vulnerability Warning - the black bar safety net

www.myhack58.com

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.007 Low
Percentile: 80.3%

Recently, Stefan Winter, a security researcher at RESTENA in Luxembourg, found a TLS authentication bypass vulnerability in the world's most popular RADIUS server.
FreeRADIUS is currently the world's most popular RADIUS server; in fact, the vast majority of RADIUS servers are based on FreeRADIUS, including many open-source and commercial applications. It provides AAA services to Fortune 500 companies and tier-one ISPs, and many enterprise-grade Wi-Fi and IEEE 802.1X networks, especially in the education community, use FreeRADIUS.
The vulnerability, CVE-2017-9148, is in the TTLS and PEAP implementations. It is triggered when the server handles the reconnection of a TLS session, and it lets an attacker bypass the system's internal authentication mechanism.
The researcher wrote in the published vulnerability report:
“When FreeRADIUS handles the reconnection of a TLS connection, its TTLS and PEAP implementations bypass the system's internal authentication mechanism. The key issue is that the server should never allow a TLS session to be reconnected unless the initial connection of that session has successfully passed internal authentication. Unfortunately, the FreeRADIUS versions affected by this vulnerability cannot effectively prevent unauthenticated TLS sessions from being reconnected unless the TLS session cache is completely disabled. This also means that an attacker can bypass the system's internal authentication mechanism without sending any valid credentials.”
A dropped connection is a perfectly normal event: for example, a user on a TLS link who moves from one base station to another is disconnected and then reconnects. Because of this vulnerability, the system does not require the user to log in and authenticate again.
The FreeRADIUS versions affected by CVE-2017-9148 are as follows:
2.2.x: all versions;
3.0.x (stable): all versions before 3.0.14;
3.1.x and 4.0.x (development): all versions before 2017-02-04.
System administrators running FreeRADIUS need to update to version 3.0.14 to resolve this problem; the current temporary workaround is to disable TLS session caching.
The mitigation measures given in the vulnerability report are as follows:
(a) Disable the TLS session cache, i.e., in the cache subsection of the EAP module settings, set the enabled parameter to no (enabled = no).
(b) Update to version 3.0.14.
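
An audit sketch for the two mitigations above, added here as an example and not taken from the vulnerability report or from FreeRADIUS: it checks a version string against the affected list and scans an EAP module file for a `cache` block that leaves session caching on. The sample config is constructed; accepting the spelling `enable` alongside the page's `enabled`, and treating an unset switch as on, are assumptions.

```python
import re

# Constructed sample of an EAP module file (illustrative, not a shipped config).
SAMPLE_EAP = """
eap {
    default_eap_type = peap
    tls-config tls-common {
        private_key_file = ${certdir}/server.pem
        cache {
            enabled = yes    # session cache on
        }
    }
    ttls { tls = tls-common }
}
"""

# name [instance] {   |   }   |   key = value
TOKEN = re.compile(r"([\w.-]+)(?:[ \t]+[\w.-]+)?\s*\{|(\})|([\w.-]+)\s*=\s*([^\s}]+)")

def cache_enabled(text):
    """True unless every cache { } block sets the switch to 'no'.
    Assumptions: the key is spelled 'enabled' (as on the page) or 'enable',
    and a missing block or missing key counts as enabled (fail closed)."""
    text = re.sub(r"#.*", "", text)               # strip comments
    text = re.sub(r"[$%]\{[^}]*\}", "X", text)    # neutralise ${var} / %{attr}
    stack, seen = [], []
    for block, close, key, value in TOKEN.findall(text):
        if block:
            stack.append([block, None])
        elif close and stack:
            name, setting = stack.pop()
            if name == "cache":
                seen.append(setting)
        elif key in ("enable", "enabled") and stack and stack[-1][0] == "cache":
            stack[-1][1] = value.lower()
    return not seen or any(s != "no" for s in seen)

def version_affected(version):
    """Apply the page's list. None: not decidable from the number alone
    (3.1.x/4.0.x are listed by date, other branches are not listed)."""
    parts = tuple(int(p) for p in version.split("."))
    if parts[:2] == (2, 2):
        return True
    if parts[:2] == (3, 0):
        return parts < (3, 0, 14)
    return None

if __name__ == "__main__":
    print(cache_enabled(SAMPLE_EAP), version_affected("3.0.13"))
```

A server is in the clear when `version_affected` returns False or `cache_enabled` returns False for its EAP module file; a `None` version result means the build date has to be checked by hand.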
