Improper Authentication in FreeRADIUS

1) Improper Authentication

EUVDB-ID: #VU33323

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2011-2701

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.

Mitigation

Install update from vendor's website.

Vulnerable software versions

FreeRADIUS: 2.1.11

External links

http://secunia.com/advisories/45425
http://securityreason.com/securityalert/8325
http://securitytracker.com/id?1025833
http://www.openwall.com/lists/oss-security/2011/07/15/6
http://www.openwall.com/lists/oss-security/2011/07/18/2
http://www.openwall.com/lists/oss-security/2011/07/20/9
http://www.securityfocus.com/archive/1/518974/100/0/threaded
http://www.securityfocus.com/bid/48880
http://bugzilla.redhat.com/show_bug.cgi?id=724815
http://exchange.xforce.ibmcloud.com/vulnerabilities/68782
http://www.dfn-cert.de/informationen/Sicherheitsbulletins/dsb-2011-01.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.