mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
118 lines
4.1 KiB
JSON
118 lines
4.1 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-3596",
|
|
"ASSIGNER": "cert@cert.org",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-328: Use of Weak Hash"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "IETF",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "RFC",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2865"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://datatracker.ietf.org/doc/html/rfc2865",
|
|
"refsource": "MISC",
|
|
"name": "https://datatracker.ietf.org/doc/html/rfc2865"
|
|
},
|
|
{
|
|
"url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/",
|
|
"refsource": "MISC",
|
|
"name": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"
|
|
},
|
|
{
|
|
"url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf",
|
|
"refsource": "MISC",
|
|
"name": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
|
|
},
|
|
{
|
|
"url": "https://www.blastradius.fail/",
|
|
"refsource": "MISC",
|
|
"name": "https://www.blastradius.fail/"
|
|
},
|
|
{
|
|
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/4",
|
|
"refsource": "MISC",
|
|
"name": "http://www.openwall.com/lists/oss-security/2024/07/09/4"
|
|
},
|
|
{
|
|
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014",
|
|
"refsource": "MISC",
|
|
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "VINCE 3.0.4",
|
|
"env": "prod",
|
|
"origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3596"
|
|
},
|
|
"source": {
|
|
"discovery": "EXTERNAL"
|
|
},
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Thanks to Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl who researched and reported this vulnerability"
|
|
}
|
|
]
|
|
} |