A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.
Disable the use of RADIUS/UDP and RADIUS/TCP.
RADIUS/TLS or RADIUS/DTLS should be used.
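The checks a RADIUS client should run on a response, shown as an added example rather than code from any of the referenced projects: it verifies the RFC 2865 Response Authenticator (the MD5 construction the forgery defeats) and then enforces the HMAC-MD5 Message-Authenticator attribute, so a forged Access-Accept that carries no Message-Authenticator is rejected. The shared secret and Request Authenticator are constructed values.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3
MESSAGE_AUTHENTICATOR = 80  # attribute type, RFC 2869

def build_response(code, ident, request_auth, secret, attrs=b"", sign=True):
    """Server side: build a response, optionally ending with Message-Authenticator."""
    body = attrs + (bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16) if sign else b"")
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    if sign:
        # HMAC-MD5 over the packet with the Request Authenticator in the
        # Authenticator field and the attribute value zeroed (RFC 2869 5.14).
        mac = hmac.new(secret, header + request_auth + body, hashlib.md5).digest()
        body = body[:-16] + mac
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body

def verify_response(pkt, request_auth, secret, require_message_authenticator):
    """Client side: return the packet code if every check passes, else None."""
    if len(pkt) < 20 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        return None
    header, resp_auth, body = pkt[:4], pkt[4:20], pkt[20:]
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret).
    # This is the only integrity check on a packet without Message-Authenticator.
    expected = hashlib.md5(header + request_auth + body + secret).digest()
    if not hmac.compare_digest(expected, resp_auth):
        return None
    pos, mac_off = 0, None
    while pos + 2 <= len(body):            # walk the TLV attribute list
        typ, ln = body[pos], body[pos + 1]
        if ln < 2 or pos + ln > len(body):
            return None                    # malformed attribute
        if typ == MESSAGE_AUTHENTICATOR and ln == 18:
            mac_off = pos + 2
        pos += ln
    if mac_off is None:
        return None if require_message_authenticator else pkt[0]
    zeroed = body[:mac_off] + bytes(16) + body[mac_off + 16:]
    expected = hmac.new(secret, header + request_auth + zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(expected, body[mac_off:mac_off + 16]):
        return None
    return pkt[0]
```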
bugzilla.redhat.com/show_bug.cgi?id=2263240
datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
datatracker.ietf.org/doc/html/rfc2865
networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
nvd.nist.gov/vuln/detail/CVE-2024-3596
w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt
www.blastradius.fail/
www.cve.org/CVERecord?id=CVE-2024-3596
www.kb.cert.org/vuls/id/456537