Improper Authentication in freeradius (Alpine package)

1) Improper Authentication

EUVDB-ID: #VU18336

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-11235

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to FreeRadius mishandles secure checks when preforming user authentication process. The related checks refer to mechanisms, which ensures that "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used". A remote attacker can bypass authentication process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

freeradius (Alpine package): 3.0.9-r0 - 3.0.13-r2

External links

http://git.alpinelinux.org/aports/commit/?id=69138d98cebd2ab4efee5ac34450ed828d482d2c
http://git.alpinelinux.org/aports/commit/?id=39ad148a1b03ffa56801c3ded59b34d6ac0e4dd1
http://git.alpinelinux.org/aports/commit/?id=5000ff06e26f8e780cec024850772451991b14d4
http://git.alpinelinux.org/aports/commit/?id=03e34b1adafe3bbf545854f14971aa8e0142c1aa
http://git.alpinelinux.org/aports/commit/?id=065f2876051f76809327b30c47239ed3b8db0bd5
http://git.alpinelinux.org/aports/commit/?id=354ae2b18aa0dbbd1760f1152adc8699967a4ce3
http://git.alpinelinux.org/aports/commit/?id=77eea063d8f0ef7ac9a99e7a070e5d5fabe3d777
http://git.alpinelinux.org/aports/commit/?id=d19f2800a1df00c0d730c8a31045e0f54ef3404f

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.