142 matches found
The vulnerability in the message processing function of the RADIUS authentication, authorization, and accounting protocol implemented by the Cisco Identity Services Engine (ISE) platform for network connection policy management allows a perpetrator to cause a denial-of-service attack on a network access device (NAD).
The vulnerability of the message processing function in the implementation of the RADIUS authentication, authorization, and accounting protocol of the Cisco Identity Services Engine ISE platform is related to reading data beyond the buffer in memory. Exploiting this vulnerability could allow a...
Alibaba Cloud Linux 3 : 0159: freeradius:3.0 (ALINUX3-SA-2024:0159)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0159 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-3596: RADIUS Protocol under RFC 2865 is...
Alibaba Cloud Linux 3 : 0239: krb5 (ALINUX3-SA-2024:0239)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0239 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-3596: RADIUS Protocol under RFC 2865 is...
Siemens SIPROTEC and SICAM
SUMMARY This advisory documents the impact of CVE-2024-3596 also dubbed "Blastradius", a vulnerability in the RADIUS protocol, to SIPROTEC, SICAM and related products. The vulnerability could allow on-path attackers, located between a Network Access Server the RADIUS client, e.g., a SICAM device...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.103014)
The version of AHV installed on the remote host is prior to 20230302.102005. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.103014 advisory. - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any val...
AZL-58604 CVE-2025-24912 affecting package wpa_supplicant for versions less than 2.10-3
hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail...
UBUNTU-CVE-2025-24912
hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail...
hostapd 安全漏洞
hostapd is a user space daemon for access points and authentication servers from the individual developer Jouni Malinen. A security vulnerability exists in hostapd version 2.11 and earlier, which stems from the improper handling of specially crafted RADIUS packets, which could lead to RADIUS...
Fortinet Fortigate RADIUS Protocol CVE-2024-3596 (FG-IR-24-255)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-255 advisory. - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response...
Fortinet FortiWeb RADIUS Protocol CVE-2024-3596 (FG-IR-24-255)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-255 advisory. - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response...
Linux Distros Unpatched Vulnerability : CVE-2024-3596
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or...
CLSA-2025-1740132301 krb5: Fix of CVE-2024-3596
CVE-2024-3596: Generate and verify message MACs in libkrad for vulnerability in RADIUS protocol which allows attackers to forge authentication responses...
CLSA-2025-1740132172 krb5: Fix of CVE-2024-3596
CVE-2024-3596: Generate and verify message MACs in libkrad for vulnerability in RADIUS protocol which allows attackers to forge authentication responses...
CVE-2024-46665
An insertion of sensitive information into sent data vulnerability CWE-201 in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests...
ROS-20241211-12
A vulnerability in the RADIUS authentication protocol implementation is related to bypassing the authentication procedure through capture-replay of intercepted messages. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access by forging an authentication...
MGASA-2024-0385 Updated krb5 packages fix security vulnerability
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. CVE-2024-3596...
Updated krb5 packages fix security vulnerability
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. CVE-2024-3596...
Fortinet FortiProxy Out-of-bound Write in sslvpnd (FG-IR-24-255)
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response Access-Accept, Access-Reject, or Access-Challenge to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. Note that Nessus has...
freeradius: forgery attack
A vulnerability in the RADIUS Remote Authentication Dial-In User Service protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...
freeradius: forgery attack
A vulnerability in the RADIUS Remote Authentication Dial-In User Service protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof...