CVE-2024-3596
Published: 2024-07-09
Priority: P2 · 65 · critical · 9 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 14.86% (96.3th percentile)
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | freeradius | < freeradius 3.2.5+dfsg-1 (forky) | freeradius 3.2.5+dfsg-1 (forky) |
| freeradius | freeradius | < 3.0.27 | 3.0.27 |
| freeradius | freeradius | >= 0 < 3.2.5+dfsg-1 | 3.2.5+dfsg-1 |
| freeradius | freeradius | >= 0 < 3.2.5+dfsg-1 | 3.2.5+dfsg-1 |
| ietf | rfc | — | — |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
| msrc | windows_11_version_21h2 | — | — |
| msrc | windows_11_version_22h2 | — | — |
| msrc | windows_11_version_23h2 | — | — |
| msrc | windows_server_2008 | — | — |
| msrc | windows_server_2008_r2 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_2022 | — | — |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
Detection & IOCs
- Monitor for RADIUS traffic (UDP/1812 or UDP/1645) traversing non-management or non-dedicated VLANs — on-path interception of RADIUS responses is required for exploitation
- Alert on RADIUS Access-Accept, Access-Reject, or Access-Challenge responses that have been modified in transit — the attack forges any valid response into another response type using an MD5 chosen-prefix collision against the Response Authenticator field
- Track Cisco bug IDs CSCwq90178, CSCwk87884, CSCwk71992, CSCwk69454, CSCwk71817 for affected Cisco product patches related to this RADIUS spoofing vulnerability
- Reference CERT/CC VU#456537 for additional technical indicators and researcher disclosures related to the Blast-RADIUS attack
- The attack requires an on-path (MitM) attacker capable of intercepting and modifying RADIUS UDP traffic between the NAS/client and the RADIUS server — purely passive or remote-only attackers cannot exploit this without network positioning
- Exploitation is only relevant when devices are configured to use remote RADIUS authentication — devices not using RADIUS are unaffected
- The vulnerability is rooted in the MD5-based Response Authenticator defined in RFC 2865; deployments using RADIUS over TLS (RadSec) or requiring Message-Authenticator in all packets are not exploitable via this vector
- No known public exploitation specifically targeting this vulnerability has been reported to CISA at the time of advisory publication
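The "require Message-Authenticator" mitigation named above, sketched as a client-side response check; this is an added example, not code from any advisory or vendor listed on this page. The function names, the shared secret and the sample packets are constructed for illustration. The Response Authenticator formula is the one in RFC 2865 §3, and Message-Authenticator is attribute 80, an HMAC-MD5 over the packet with the Request Authenticator in the authenticator field and its own value zeroed.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 20             # code(1) + identifier(1) + length(2) + authenticator(16)
MESSAGE_AUTHENTICATOR = 80  # attribute type of Message-Authenticator

def parse_attributes(region):
    """Yield (type, value_offset, value) for each TLV in the attribute region."""
    pos = 0
    while pos < len(region):
        if len(region) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = region[pos], region[pos + 1]
        if alen < 2 or pos + alen > len(region):
            raise ValueError("bad attribute length")
        yield atype, pos + 2, region[pos + 2:pos + alen]
        pos += alen

def validate_response(packet, request_id, request_auth, secret):
    """Accept a response only if every integrity check passes; return (ok, reason)."""
    if len(packet) < HEADER_LEN:
        return False, "short packet"
    _code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > len(packet):
        return False, "bad length"
    packet = packet[:length]            # octets beyond Length are padding
    if ident != request_id:
        return False, "identifier mismatch"
    # RFC 2865 check: MD5(Code+ID+Length+RequestAuth+Attributes+Secret).
    # This is the MD5 construction the collision attack targets, so it is not enough alone.
    expected = hashlib.md5(packet[:4] + request_auth + packet[HEADER_LEN:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:HEADER_LEN]):
        return False, "bad response authenticator"
    try:
        attrs = list(parse_attributes(packet[HEADER_LEN:]))
    except ValueError as exc:
        return False, str(exc)
    found = [(off, val) for atype, off, val in attrs if atype == MESSAGE_AUTHENTICATOR]
    if len(found) != 1 or len(found[0][1]) != 16:
        return False, "message-authenticator missing"   # enforce, do not merely verify if present
    off, value = found[0]
    start = HEADER_LEN + off
    zeroed = packet[:4] + request_auth + packet[HEADER_LEN:start] + bytes(16) + packet[start + 16:]
    if not hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), value):
        return False, "bad message-authenticator"
    return True, "ok"

def build_response(code, ident, request_auth, secret, attrs, with_ma=True):
    """Build a constructed sample response the way a server holding the secret would."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    if with_ma:
        body = bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16) + body
    head = struct.pack("!BBH", code, ident, HEADER_LEN + len(body))
    if with_ma:
        mac = hmac.new(secret, head + request_auth + body, hashlib.md5).digest()
        body = body[:2] + mac + body[18:]
    return head + hashlib.md5(head + request_auth + body + secret).digest() + body

def demo():
    """Run the validator over constructed packets (all values are made up)."""
    secret, req_auth = b"constructed-secret", bytes(range(16))
    reply = [(18, b"denied")]                      # Reply-Message attribute
    good = build_response(3, 7, req_auth, secret, reply)
    legacy = build_response(3, 7, req_auth, secret, reply, with_ma=False)
    altered = bytes([2]) + good[1:]                # code byte changed in transit
    return {
        "good": validate_response(good, 7, req_auth, secret),
        "legacy": validate_response(legacy, 7, req_auth, secret),
        "altered": validate_response(altered, 7, req_auth, secret),
        "wrong_id": validate_response(good, 8, req_auth, secret),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The `legacy` case is the one that matters here: its Response Authenticator is valid, yet the packet is refused because the attribute is absent.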
CVSS provenance
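| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 9.0 | CRITICAL | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
| ghsa | 9.0 | CRITICAL | |
| osv | 9.0 | CRITICAL | |
| vendor_cisco | 9.0 | CRITICAL | |
| vendor_debian | 9.0 | CRITICAL | |
| vendor_oracle | 9.0 | CRITICAL | |
| vendor_redhat | 9.0 | CRITICAL | |
| vendor_msrc | 7.5 | HIGH | |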
CISA ICS
Hitachi Energy XMC20
cisa_ics·2026-02-05·CVSS 9.0
[CRITICAL] Hitachi Energy XMC20
ICS Advisory
Release Date: February 05, 2026
Alert Code: ICSA-26-036-05
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
Hitachi Energy is aware of a vulnerability that affects XMC20 product versions listed in this document. Successful exploitation of this vulnerability can lead to forgery attacks potentially causing impact on confidentiality, integrity and availability for the product. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. Note: This is applicable only if XMC20 devices are configured to use remote RADIUS authentication.
The following versions of Hitachi Energy XMC20 are affected:
- XMC20 R18, vers:XMC20/<=R17A (CVE-202
CISA ICS
Hitachi Energy FOX61x
cisa_ics·2026-02-05·CVSS 9.0
[CRITICAL] Hitachi Energy FOX61x
ICS Advisory
Release Date: February 05, 2026
Alert Code: ICSA-26-036-06
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
Hitachi Energy is aware of a vulnerability that affects FOX61x product versions listed in this document. Successful exploitation of this vulnerability can lead to forgery attacks potentially causing impact on confidentiality, integrity and availability for the product. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. Note: This is applicable only if FOX61x devices are configured to use remote RADIUS authentication.
The following versions of Hitachi Energy FOX61x are affected:
- FOX61x R18, vers:FOX61x/<=R17A (C
CISA ICS
Hitachi Energy AFS, AFR and AFF Series
cisa_ics·2025-12-16·CVSS 9.0
[CRITICAL] Hitachi Energy AFS, AFR and AFF Series
ICS Advisory
Release Date: December 16, 2025
Alert Code: ICSA-25-350-03
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
Successful exploitation of this vulnerability could compromise the integrity of the product data and disrupt its availability.
The following versions of Hitachi Energy AFS, AFR and AFF Series are affected:
- AFS 660-B/C/S (CVE-2024-3596)
- AFS 665-B/S (CVE-2024-3596)
- AFS 670 v2.0 (CVE-2024-3596)
- AFS 650 (CVE-2024-3596)
- AFS 655 (CVE-2024-3596)
- AFS 670 (CVE-2024-3596)
- AFS 675 (CVE-2024-3596)
- AFS 677 (CVE-2024-3596)
- AFR 677 (CVE-2024-3596)
- AFF 660 (CVE-2024-3596)
- AFF 665 (CVE-2024-3596)
CISA ICS
Siemens SIPROTEC and SICAM
cisa_ics·2025-05-15
Siemens SIPROTEC and SICAM
ICS Advisory
Release Date: May 15, 2025
Alert Code: ICSA-25-135-05
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.1
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIPROTEC and SICAM
- Vulnerability: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
## 2. RIS
Ubuntu
Kerberos vulnerability
vendor_ubuntu·2025-02-05
CVE-2024-3596 Kerberos vulnerability
Title: Kerberos vulnerability
Summary: A system authentication measure could be bypassed.
Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc
Stevens, and Adam Suhl discovered that Kerberos incorrectly authenticated
certain responses. An attacker able to intercept communications between a
RADIUS client and server could possibly use this issue to forge responses,
bypass authentication, and access network devices and services.
This update introduces support for the Message-Authenticator attribute in
non-EAP authentication methods for communications between Kerberos and a
RADIUS server.
Instructions: In general, a standard system update will make all the necessary changes.
Oracle
Oracle Oracle Communications Risk Matrix: Configuration (Kerberos) — CVE-2024-3596
vendor_oracle·2025-01-15·CVSS 9.0
CVE-2024-3596 [CRITICAL] Oracle Oracle Communications Risk Matrix: Configuration (Kerberos) — CVE-2024-3596
Oracle Oracle Communications Risk Matrix: Configuration (Kerberos) vulnerability
CVE: CVE-2024-3596
CVSS: 9.0
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2025 (JAN 2025)
Ubuntu
FreeRADIUS vulnerability
vendor_ubuntu·2024-10-03
CVE-2024-3596 FreeRADIUS vulnerability
Title: FreeRADIUS vulnerability
Summary: A system authentication measure could be bypassed.
Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc
Stevens, and Adam Suhl discovered that FreeRADIUS incorrectly authenticated
certain responses. An attacker able to intercept communications between a
RADIUS client and server could possibly use this issue to forge responses,
bypass authentication, and access network devices and services.
This update introduces new configuration options called "limit_proxy_state"
and "require_message_authenticator" that default to "auto" but should be
set to "yes" once all RADIUS devices have been upgraded on a network.
Instructions: In general, a standard system update will make all the necessary changes.
CISA ICS
Siemens SCALANCE, RUGGEDCOM, SIPLUS, and SINEC
cisa_ics·2024-07-11
Siemens SCALANCE, RUGGEDCOM, SIPLUS, and SINEC
ICS Advisory
Release Date: July 11, 2024
Alert Code: ICSA-24-193-05
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.1
- ATTENTION: Exploitable remotely
- Vendor: Siemens
- Equipment: SCALANCE, RUGGEDCOM, SIPLUS, and SINEC
- Vulnerability: Improper Enforcement of Message Integrity During Transmission in a Communication
Cisco
RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024
vendor_cisco·2024-07-10·CVSS 9.0
CVE-2024-3596 [CRITICAL] CWE-924 RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024
RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024
On July 7, 2024, security researchers disclosed the following vulnerability in the RADIUS protocol:
CVE-2024-3596: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by an on-path attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
This vulnerability may impact any RADIUS client and server. For a description of this vulnerability, see VU#456537: RADIUS protocol susceptible to forgery attacks.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-radius-spoofing-july-2024-87cCDwZ3
Palo Alto
PAN-OS: CHAP and PAP When Used with RADIUS Authentication Lead to Privilege Escalation
vendor_paloalto·2024-07-10·CVSS 9.0
CVE-2024-3596 [CRITICAL] CWE-290 PAN-OS: CHAP and PAP When Used with RADIUS Authentication Lead to Privilege Escalation
PAN-OS: CHAP and PAP When Used with RADIUS Authentication Lead to Privilege Escalation
This vulnerability allows an attacker performing a meddler-in-the-middle attack between Palo Alto Networks PAN-OS firewall and a RADIUS server to bypass authentication and escalate privileges to ‘superuser’ when RADIUS authentication is in use and either CHAP or PAP is selected in the RADIUS server profile.
CHAP and PAP are protocols with no Transport Layer Security (TLS), and hence vulnerable to meddler-in-the-middle attacks. Neither protocol should be used unless they are encapsulated by an encrypted tunnel. If they are in use, but are encapsulated within a TLS tunnel, they are not vulnerable to this attack.
For additional information regarding this vulnerability, please see https://blastradius.fail
Microsoft
CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability
vendor_msrc·2024-07-09·CVSS 7.5
CVE-2024-3596 [CRITICAL] CWE-327 CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability
CERT/CC: CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability
FAQ: Why is this CERT/CC CVE included in the Security Update Guide?
A vulnerability exists in the RADIUS protocol that potentially affects many products and implementations of the RFC 2865 in the UDP version of the RADIUS protocol. In brief, RADIUS protocol (RFC 2865) is susceptible to forgery attacks that can modify Access-Accept or Access-Reject RADIUS response. CERT/CC assigned a CVE ID for this vulnerability which all vendors are using for their affected products.
Please see KB5040268: How to manage the Access-Request packets attack vulnerability associated with CVE-2024-3596 for information on additional steps that should be done to protect your environment from this vulnerability.
FAQ: According to the CVSS metric, the a
Red Hat
freeradius: forgery attack
vendor_redhat·2024-07-09·CVSS 9.0
CVE-2024-3596 [CRITICAL] CWE-294 freeradius: forgery attack
freeradius: forgery attack
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.
Debian
CVE-2024-3596: freeradius - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local atta...
vendor_debian·2024·CVSS 9.0
CVE-2024-3596 [CRITICAL] CVE-2024-3596: freeradius - RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local atta...
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 3.2.5+dfsg-1)
sid: resolved (fixed in 3.2.5+dfsg-1)
trixie: resolved (fixed in 3.2.5+dfsg-1)
Cisco
RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024
vendor_cisco·CVSS 3.1
CVE-2024-3596 RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024
CVE-2024-3596: RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024
On July 7, 2024, security researchers disclosed the following vulnerability in the RADIUS protocol: CVE-2024-3596: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by an on-path attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. This vulnerability may impact any RADIUS client and server. For a description of this vulnerability, see VU#456537: RADIUS protocol susceptible to forgery attacks . This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-radius-spoofing-july-2
GHSA
OpenAM: Unauthenticated Authentication Bypass via RADIUS Spoofing
ghsa·2026-06-25·CVSS 9.0
CVE-2026-46560 [CRITICAL] CWE-347 OpenAM: Unauthenticated Authentication Bypass via RADIUS Spoofing
OpenAM: Unauthenticated Authentication Bypass via RADIUS Spoofing
## Summary
**Description**
An Improper Verification of Cryptographic Signature (CWE-347) issue in OpenAM's RADIUS authentication module allows an unauthenticated network attacker to spoof an Access-Accept response and obtain an OpenAM session for any RADIUS username, without knowing the configured shared secret. This affects OpenAM Community Edition through version 16.0.6 and was patched in version 16.1.1.
The RADIUS client opens an unconnected datagram socket and treats the first UDP datagram delivered to its source port as authoritative. The receive path does not check the source IP/port, does not match the response identifier to the outstanding request, and does not verify the Response Authenticator (RFC 2865 §3); the
OSV
BlastRADIUS also affects eduMFA
osv·2024-07-17·CVSS 9.0
CVE-2024-3596 [CRITICAL] BlastRADIUS also affects eduMFA
BlastRADIUS also affects eduMFA
### Summary
BlastRADIUS (see blastradius.fail for details) also affects eduMFA prior to version 2.2.0, because the Message-Authenticator attributes were not checked.
### Details
Website with the vulnerability information: blastradius.fail
The original vulnerability has been assigned CVE-2024-3596.
Case in VINCE: https://kb.cert.org/vuls/id/456537
### PoC
There is no known proof-of-concept except for the attack shown in the paper from the researchers.
### Impact
An attacker can trigger an authentication flow with a RADIUS-backed token, intercept the RADIUS packet sent by eduMFA and modify the RADIUS server's answer, which would lead eduMFA to believe that the token is valid, even though the RADIUS server's answer was a reject.
GHSA
BlastRADIUS also affects eduMFA
ghsa·2024-07-17·CVSS 9.0
CVE-2024-3596 [CRITICAL] CWE-924 BlastRADIUS also affects eduMFA
GHSA
GHSA-3g8x-wqfp-q876: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject,
ghsa_unreviewed·2024-07-09
CVE-2024-3596 [CRITICAL] CWE-200 GHSA-3g8x-wqfp-q876: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject,
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
OSV
CVE-2024-3596: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject,
osv·2024-07-09·CVSS 9.0
CVE-2024-3596 [CRITICAL] CVE-2024-3596: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject,
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
No detection rules found.
No public exploits indexed.
Qualys
Oracle Critical Patch Update, January 2025 Security Update Review
blogs_qualys·2025-01-23
Oracle Critical Patch Update, January 2025 Security Update Review
Oracle released its first quarterly edition of this year’s Critical Patch Update, which received patches for 318 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products.
In this quarterly Oracle Critical Patch Update, Oracle Communications received the highest number of patches, 85 constituting about 27% of the total patches released. Oracle MySQL and Oracle Financial Services Applications followed,
Trendmicro
The July 2024 Security Update Review
blogs_trendmicro·2024-07-09
The July 2024 Security Update Review
## The July 2024 Security Update Review
Get the July 2024 security update and review.
By: Dustin Childs, 2024/07/09
We’re just past the halfway point of 2024, and as expected, Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Adobe Patches for July 2024
For July, Adobe released three patches addressing seven CVEs in Adobe Premiere Pro, InDesign, and Adobe Bridge. The patch for InDesign is the largest, fixing four Critical-rated CVEs. All four could lead to arbitrary code execution. The fix for Premiere Pro fixes a single CVE
References
- http://www.openwall.com/lists/oss-security/2024/07/09/4
- https://cert-portal.siemens.com/productcert/html/ssa-364175.html
- https://cert-portal.siemens.com/productcert/html/ssa-723487.html
- https://cert-portal.siemens.com/productcert/html/ssa-770770.html
- https://cert-portal.siemens.com/productcert/html/ssa-794185.html
- https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
- https://datatracker.ietf.org/doc/html/rfc2865
- https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
- https://security.netapp.com/advisory/ntap-20240822-0001/
- https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol
- https://www.blastradius.fail/
- https://www.kb.cert.org/vuls/id/456537