CVE-2024-3596
| CVE ID | CVE-2024-3596 |
|---|---|
| CVSS Score | 9 |
| Operating System | |
| Affected Versions | |
| Patched Versions | krb5-1.15.1-55_ol002.el7_9 |
| Patch Date | |
| Last Updated Date | |
| Vector String | |
Additional Information
OL CVE Issue Summary:
A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.
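What enforcing Message-Authenticator means on the client side, as an added example that is not code from krb5 or from this advisory: a response is accepted only if it carries the attribute and its HMAC-MD5 verifies. The attribute layout follows RFC 2869/RFC 3579; the function names, shared secret and sample packets are constructed for the illustration.

```python
import hashlib
import hmac
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type

def legacy_check(pkt, req_auth, secret):
    """Response Authenticator only: MD5(code+id+length+RequestAuth+attrs+secret)."""
    digest = hashlib.md5(pkt[:4] + req_auth + pkt[20:] + secret).digest()
    return hmac.compare_digest(digest, pkt[4:20])

def message_authenticator_offset(pkt):
    """Offset of the 16-byte Message-Authenticator value, or None if absent."""
    pos = 20  # attributes follow code, id, length and the 16-byte authenticator
    while pos < len(pkt):
        if pos + 2 > len(pkt) or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > len(pkt):
            raise ValueError("malformed attribute")
        if pkt[pos] == MSG_AUTH:
            if pkt[pos + 1] != 18:
                raise ValueError("bad Message-Authenticator length")
            return pos + 2
        pos += pkt[pos + 1]
    return None

def enforced_check(pkt, req_auth, secret):
    """Accept only if both checks pass; a missing attribute is a failure."""
    if len(pkt) < 20 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        return False
    try:
        off = message_authenticator_offset(pkt)
    except ValueError:
        return False
    if off is None:
        return False
    # HMAC-MD5 keyed with the shared secret, computed over the packet with the
    # Request Authenticator in the header and the attribute value zeroed.
    signed = pkt[:4] + req_auth + pkt[20:off] + bytes(16) + pkt[off + 16:]
    mac = hmac.new(secret, signed, hashlib.md5).digest()
    return hmac.compare_digest(mac, pkt[off:off + 16]) and legacy_check(pkt, req_auth, secret)

def build_response(code, ident, req_auth, secret, with_msg_auth):
    """Constructed sample response as a server would emit it (demo input only)."""
    attrs = bytes([MSG_AUTH, 18]) + bytes(16) if with_msg_auth else b""
    attrs += bytes([18, 4]) + b"ok"  # Reply-Message attribute
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    if with_msg_auth:
        mac = hmac.new(secret, head + req_auth + attrs, hashlib.md5).digest()
        attrs = attrs[:2] + mac + attrs[18:]
    return head + hashlib.md5(head + req_auth + attrs + secret).digest() + attrs
```

A response built without the attribute still passes `legacy_check`, which is the gap the summary describes; `enforced_check` rejects it.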