51 matches found

Cvelist
added 2024/07/09 12:2 p.m. | 52 views

CVE-2024-3596 RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature...

EPSS: 0.22611
Exploits: 2 | References: 8

CVE
added 2024/07/09 12:2 p.m. | 4423 views

CVE-2024-3596

Summary: CVE-2024-3596 is a forgery vulnerability in RADIUS (RFC 2865) where a local attacker can modify a valid RADIUS response to another response using a chosen-prefix collision against MD5. The vulnerability is associated with FreeRADIUS and is covered in multiple advisories (ALAS/ALSA) confi...

CVSS: 9 | AI score: 6.4 | EPSS: 0.22611
Exploits: 2 | References: 13 | Affected Software: 1

EUVD
added 2024/07/09 12:2 p.m. | 2 views

EUVD-2024-32175

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature...

CVSS: 9 | AI score: 8.2 | EPSS: 0.22611
Exploits: 2 | References: 6

AlpineLinux
added 2024/07/09 12:2 p.m. | 11 views

CVE-2024-3596

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature...

CVSS: 9 | AI score: 9.3 | EPSS: 0.22611
Exploits: 2

Vulnrichment
added 2024/07/09 12:2 p.m. | 27 views

CVE-2024-3596 RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature...

AI score: 6.8 | EPSS: 0.22611
Exploits: 2 | References: 8

UbuntuCve
added 2024/07/09 12:0 p.m. | 41 views

CVE-2024-3596

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature...

CVSS: 9 | AI score: 7.1 | EPSS: 0.22611
Exploits: 2 | References: 6

Tenable Nessus
added 2024/07/09 12:0 a.m. | 120 views

KB5040456: Windows Server 2012 R2 Security Update (July 2024)

The remote Windows host is missing security update 5040456. It is, therefore, affected by multiple vulnerabilities - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any othe...

CVSS: 9.8 | AI score: 9.1 | EPSS: 0.92959
Exploits: 7 | References: 68

Tenable Nessus
added 2024/07/09 12:0 a.m. | 100 views

KB5040427: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (July 2024)

The remote Windows host is missing security update 5040427. It is, therefore, affected by multiple vulnerabilities - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any othe...

CVSS: 9 | AI score: 9.1 | EPSS: 0.92959
Exploits: 2 | References: 71

Tenable Nessus
added 2024/07/09 12:0 a.m. | 62 views

KB5040438: Windows 11 version 22H2 / Windows Server version 23H2 Security Update (July 2024)

The remote Windows host is missing security update 5040438. It is, therefore, affected by multiple vulnerabilities - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any othe...

CVSS: 9.8 | AI score: 8 | EPSS: 0.92959
Exploits: 7 | References: 83

Positive Technologies
added 2024/07/09 12:0 a.m. | 2 views

PT-2024-4668

Name of the Vulnerable Software and Affected Versions: RADIUS Protocol (affected versions not specified); FreeRadius (affected versions not specified); Palo Alto Networks PAN-OS (affected versions not specified); eduMFA (prior to version 2.2.0). Description: The RADIUS protocol under RFC 2865 is susceptible to...

CVSS: 9 | AI score: 9 | EPSS: 0.22611
Exploits: 2 | References: 158

Tenable Nessus
added 2024/07/09 12:0 a.m. | 137 views

KB5040430: Windows 10 version 1809 / Windows Server 2019 Security Update (July 2024)

The remote Windows host is missing security update 5040430. It is, therefore, affected by multiple vulnerabilities - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any othe...

CVSS: 9.8 | AI score: 8 | EPSS: 0.92959
Exploits: 7 | References: 80

CERT
added 2024/07/09 12:0 a.m. | 45 views

RADIUS protocol susceptible to forgery attacks.

Overview: A vulnerability in the RADIUS protocol allows an attacker to forge an authentication response in cases where a Message-Authenticator attribute is not required or enforced. This vulnerability results from a cryptographically insecure integrity check when validating...

CVSS: 9 | AI score: 8.2 | EPSS: 0.22611
Exploits: 2 | References: 4

Tenable Nessus
added 2024/07/09 12:0 a.m. | 122 views

KB5040498: Windows Server 2008 R2 Security Update (July 2024)

The remote Windows host is missing security update 5040498. It is, therefore, affected by multiple vulnerabilities - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any othe...

CVSS: 9.8 | AI score: 8 | EPSS: 0.89993
Exploits: 7 | References: 37

CNVD
added 2024/03/05 12:0 a.m. | 19 views

IBM QRadar WinCollect Agent Resource Management Error Vulnerability

IBM QRadar WinCollect Agent is an agent program from International Business Machines (IBM) for collecting and sending Windows event logs. A resource management error vulnerability exists in IBM QRadar WinCollect Agent that stems from vulnerability to server-side request forgery attacks. No detailed...

CVSS: 4.4 | AI score: 4.6 | EPSS: 0.00015
Exploits: 0 | References: 1

Securelist
added 2023/07/28 10:0 a.m. | 31 views

Anomaly detection in certificate-based TGT requests

One of the most complex yet effective methods of gaining unauthorized access to corporate network resources is an attack using forged certificates. Attackers create such certificates to fool the Key Distribution Center (KDC) into granting access to the target company's network. An example of such an...

AI score: 7.4
Exploits: 0

OpenVAS
added 2021/05/12 12:0 a.m. | 24 views

Ubuntu: Security Advisory (USN-4943-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 9.9 | AI score: 8.5 | EPSS: 0.9368
Exploits: 21 | References: 2

Tenable Nessus
added 2021/04/12 12:0 a.m. | 30 views

SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2021:1125-1)

This update for wpa_supplicant fixes the following issues: CVE-2021-30004: Fixed an issue where forging attacks might have occurred because AlgorithmIdentifier parameters were mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348). Note that Tenable Network Security has extracted the preceding...

CVSS: 5.3 | AI score: 6.3 | EPSS: 0.00264
Exploits: 0 | References: 4

OpenVAS
added 2021/01/29 12:0 a.m. | 25 views

Ubuntu: Security Advisory (USN-4714-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 9.3 | AI score: 7.8 | EPSS: 0.9368
Exploits: 11 | References: 2

Prion
added 2019/12/30 5:15 p.m. | 15 views

Cross site request forgery (csrf)

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks...

CVSS: 6.8 | AI score: 8.5 | EPSS: 0.00177
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/12/30 5:0 p.m. | 17 views

CVE-2019-19737

MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks...

AI score: 8.7 | EPSS: 0.00177
Exploits: 0 | References: 1