Stefan Winter, a security researcher at RESTENA in Luxembourg, recently found a TLS authentication bypass vulnerability in the world's most popular RADIUS server.
FreeRADIUS is currently the world's most popular RADIUS server. In fact, the vast majority of RADIUS servers are based on FreeRADIUS, including many open-source and commercial products. It supplies the AAA needs of Fortune 500 companies and Tier 1 ISPs, and many enterprise Wi-Fi and IEEE 802.1X networks, especially in the education community, use FreeRADIUS.
The vulnerability, CVE-2017-9148, is in the TTLS and PEAP implementations. It is triggered when the server handles the reconnection (resumption) of a TLS session, and it lets an attacker bypass the system's internal authentication mechanism.
The researcher wrote in the published vulnerability report:
"When FreeRADIUS handles a reconnection of a TLS connection, the TTLS and PEAP implementation in FreeRADIUS bypasses the system's internal authentication mechanism. The key issue is that the server should never allow a TLS session to be reconnected unless the initial connection of that TLS session has successfully passed internal validation. Unfortunately, FreeRADIUS versions affected by this vulnerability cannot effectively prevent unauthenticated TLS sessions from being reconnected unless the TLS session cache is completely disabled. This also means that an attacker will be able to bypass the system's internal authentication mechanism without sending any valid credentials."
An interrupted connection is a perfectly normal event: for example, when a user on a TLS link moves from one base station to another, the connection drops and is re-established. Because of this vulnerability, the system does not require the user to log in and authenticate again.
The FreeRADIUS versions affected by CVE-2017-9148 are as follows:
2.2.x: all versions;
3.0.x (stable version): all versions before 3.0.14;
3.1.x and 4.0.x (development versions): all versions before 2017-02-04.
System administrators running FreeRADIUS need to update to version 3.0.14 to resolve this problem; the current temporary workaround is to disable TLS session caching.
The mitigation measures given in the vulnerability report are as follows:
(a) Disable the TLS session cache: in the cache subsection of the EAP module settings, set the enabled parameter to no (enabled = no).
(b) Update to version 3.0.14.
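As an added example (not from the original article or the FreeRADIUS project), the following Python script applies the affected-version list and mitigation (a) above to a server's version string and EAP module configuration. The sample configuration, its `tls-config tls-common` layout, the acceptance of the `enable` spelling, and all function names are assumptions made for illustration.

```python
import re
from datetime import date

FIXED_STABLE = (3, 0, 14)          # first fixed 3.0.x release, per the report
FIXED_DEV_DATE = date(2017, 2, 4)  # 3.1.x / 4.0.x builds before this are affected

# Constructed sample of an EAP module configuration (not a real deployment).
SAMPLE_EAP = """
eap {
    tls-config tls-common {
        cache {
            enabled = yes   # constructed value for the demo
        }
    }
}
"""

def is_affected(version, build_date=None):
    """Apply the article's affected-version list to one version string."""
    parts = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    if parts[:2] == (2, 2):
        return True                      # 2.2.x: all versions
    if parts[:2] == (3, 0):
        return parts < FIXED_STABLE      # 3.0.x: before 3.0.14
    if parts[:2] in ((3, 1), (4, 0)):    # development: judged by build date
        return build_date is None or build_date < FIXED_DEV_DATE
    return False                         # branch not listed in the article

def tls_cache_sections(config_text):
    """Map each 'cache' section path to its enabled value (None if unset)."""
    stack, found = [], {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.endswith("{"):
            stack.append(" ".join(line[:-1].split()))
            if stack[-1] == "cache":
                found.setdefault("/".join(stack), None)
        elif line == "}" and stack:
            stack.pop()
        elif stack and stack[-1] == "cache":
            if m := re.match(r"enabled?\s*=\s*(\S+)", line):
                found["/".join(stack)] = m.group(1).strip('"').lower()
    return found

def audit(version, config_text, build_date=None):
    """Classify a server as not-affected, mitigated-by-config, or exposed."""
    if not is_affected(version, build_date):
        return "not-affected"
    on = [p for p, v in tls_cache_sections(config_text).items()
          if v in ("yes", "true", "on", "1")]  # any truthy spelling is flagged
    return "exposed: " + ", ".join(on) if on else "mitigated-by-config"
```

A result of `mitigated-by-config` reflects only the temporary workaround; the update in (b) is still the fix.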