Radius protocol vulnerability advisory for Strong Authentication
Article ID: 371742
Updated On:
Products
Issue/Introduction
A high severity vulnerability found within the Radius protocol which affects the Symantec Strong Authentication product.
What is the vulnerability?
The RADIUS protocol has a critical issue that impacts RADIUS transport over insecure networks, particularly using RADIUS over UDP or TCP.
This problem enables a man-in-the-middle attacker to forge a valid Access-Reject response to a client request that the RADIUS server has denied. In other words, the attacker can change an Access-Reject to an Access-Accept by using a malicious proxy state and altering the contents. As a result, the attacker can access protected resources and devices for which the RADIUS client authenticates.
Environment
All supported Strong Authentication Version ( 9.1.x)
Symantec Advanced Authentication
Cause
https://www.cve.org/CVERecord?id=CVE-2024-3596
NIST URL for CVE-2024-3596 - https://nvd.nist.gov/vuln/detail/CVE-2024-3596)
Resolution
Message-Authenticator is a radius attribute with Type 80, This attribute value should be the HMAC-MD5 digest of the entire radius packet with radius secret as the key.
Message-Authenticator = HMAC-MD5 (Type, Identifier, Length,Request Authenticator, Attributes)
A radius server receiving Access-Request with Message-Authenticator attribute. The radius server should calculate the correct value and compare, If digests are mismatched then discard the packet.
A radius client receiving Access-Challenge/Access-
Hot fix Plan:
Hotfix for all 9.1.x Strong Authentication version is available to download from the support portal.
Additional Information
Feedback
