RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local
attacker who can modify any valid Response (Access-Accept, Access-Reject,
or Access-Challenge) to any other response using a chosen-prefix collision
attack against MD5 Response Authenticator signature.
Author | Note |
---|---|
alexmurray | RADIUS clients may also be affected |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | freeradius | <Â any | UNKNOWN |
ubuntu | 20.04 | noarch | freeradius | <Â any | UNKNOWN |
ubuntu | 22.04 | noarch | freeradius | <Â any | UNKNOWN |
ubuntu | 24.04 | noarch | freeradius | <Â any | UNKNOWN |
ubuntu | 16.04 | noarch | freeradius | <Â any | UNKNOWN |