Palo Alto Networks · PAN-OS · CVE-2024-3596
Name of the Vulnerable Software and Affected Versions:
RADIUS Protocol (affected versions not specified)
FreeRadius (affected versions not specified)
Palo Alto Networks PAN-OS (affected versions not specified)
eduMFA prior to version 2.2.0
Description:
The RADIUS protocol as specified in RFC 2865 is susceptible to forgery by an attacker positioned on the network path between a RADIUS client and a RADIUS server (the "local attacker" of the CVE text means a meddler-in-the-middle on that path, not an attacker with a local account). Such an attacker can turn any valid response (Access-Accept, Access-Reject, or Access-Challenge) into any other response by means of a chosen-prefix collision attack against MD5, which is the only integrity protection RFC 2865 gives a response: the Response Authenticator is MD5(Code, Identifier, Length, Request Authenticator, Attributes, shared secret), an unkeyed hash rather than a MAC or a digital signature, and the attacker can shape the hashed prefix through attributes the client does not interpret, such as Proxy-State, which the server echoes back unchanged. Converting an Access-Reject into an Access-Accept lets the attacker bypass authentication and escalate privileges on whatever the RADIUS client protects. Only non-EAP authentication (PAP, CHAP, MS-CHAPv2) carried over RADIUS/UDP is exposed; EAP exchanges already carry the mandatory Message-Authenticator attribute, and RADIUS over TLS or DTLS is not affected. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.
Recommendations:
For the RADIUS protocol: protect responses with a keyed construction instead of the bare MD5 Response Authenticator. In deployed RADIUS this means sending the Message-Authenticator attribute (HMAC-MD5 over the packet keyed with the shared secret, RFC 2869) in every Access-Request and every response, and having clients and servers reject packets that lack it; where the transport can be changed, move to RADIUS over TLS or DTLS (RadSec, RFC 6614 and RFC 7360) so that the whole exchange is authenticated and encrypted.
For FreeRADIUS: update to a release that includes the fix (3.0.27 or 3.2.5 and later), then enable the new per-client settings `require_message_authenticator = yes` and `limit_proxy_state = yes` once all RADIUS clients have been updated to send Message-Authenticator, since enabling them earlier will reject traffic from unpatched clients.
For Palo Alto Networks PAN-OS: configure the RADIUS server profile to use one of the TLS-tunnelled EAP options (PEAP or EAP-TTLS) rather than PAP or CHAP; EAP exchanges carry Message-Authenticator and the credentials travel inside TLS, whereas PAP and CHAP over plain RADIUS/UDP rely only on the MD5 Response Authenticator and are the affected modes. If PAP or CHAP must remain, carry the RADIUS traffic itself inside an encrypted tunnel (RADIUS over TLS, or IPsec between the firewall and the RADIUS server).
For eduMFA: Update to version 2.2.0 or later.
As a temporary workaround until patches are deployed, restrict RADIUS traffic (UDP/1812 and UDP/1813, or the legacy 1645 and 1646) to a dedicated management network or an IPsec tunnel so that only the intended clients and servers can see it, and limit the use of PAP, CHAP, and MS-CHAPv2 over unprotected RADIUS/UDP. Note that network segmentation only shrinks the set of hosts that can reach the path; an attacker already on it is stopped only by a keyed integrity check (Message-Authenticator) or an encrypted transport.
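The following is an added example written for this page (it is not code from Palo Alto Networks, FreeRADIUS, eduMFA, or the CVE record) that ties the Description to the Recommendations: it implements the RFC 2865 Response Authenticator that an unpatched client trusts, the RFC 2869 Message-Authenticator check that the recommendations call for, and an on-path forgery that turns an Access-Reject into an Access-Accept. The MD5 chosen-prefix collision itself is not reproduced; `forge_accept` stands in for it by recomputing the Response Authenticator with the secret, which models the outcome a real attacker obtains from the collision without ever knowing the secret. The shared secret, Request Authenticator, identifier, and attribute values are constructed test data.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3     # RFC 2865 packet codes
ATTR_REPLY_MESSAGE = 18
ATTR_PROXY_STATE = 33                   # opaque to the client, echoed by the server: the collision carrier
ATTR_MESSAGE_AUTHENTICATOR = 80         # RFC 2869 s5.14, HMAC-MD5 keyed with the shared secret
HEADER_LEN = 20                         # Code(1) Identifier(1) Length(2) Authenticator(16)

def encode_attrs(attrs):
    """Serialize [(type, value), ...] as RFC 2865 TLVs (1-byte type, 1-byte total length)."""
    out = bytearray()
    for t, v in attrs:
        if len(v) > 253:
            raise ValueError("attribute value too long")
        out += bytes([t, len(v) + 2]) + v
    return bytes(out)

def decode_attrs(data):
    """Parse TLVs, refusing a header or length that would run past the packet."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("bad attribute length")
        t, ln = data[i], data[i + 1]
        attrs.append((t, data[i + 2:i + ln]))
        i += ln
    return attrs

def response_authenticator(code, ident, body, request_auth, secret):
    """RFC 2865 s3: MD5(Code|Identifier|Length|RequestAuth|Attributes|Secret), an unkeyed hash
    whose prefix the attacker shapes through Proxy-State; this is what the collision targets."""
    hdr = struct.pack("!BBH", code, ident, HEADER_LEN + len(body))
    return hashlib.md5(hdr + request_auth + body + secret).digest()

def message_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2869 s5.14: HMAC-MD5 over the packet with the Request Authenticator in the header and
    the Message-Authenticator value zeroed. Keyed with the secret, so an MD5 collision does not help."""
    zeroed = [(t, b"\x00" * 16 if t == ATTR_MESSAGE_AUTHENTICATOR else v) for t, v in attrs]
    body = encode_attrs(zeroed)
    hdr = struct.pack("!BBH", code, ident, HEADER_LEN + len(body))
    return hmac.new(secret, hdr + request_auth + body, hashlib.md5).digest()

def build_response(code, ident, attrs, request_auth, secret, with_msg_auth):
    """Server side: emit a response, optionally carrying a Message-Authenticator."""
    if with_msg_auth:
        attrs = attrs + [(ATTR_MESSAGE_AUTHENTICATOR, b"\x00" * 16)]
        attrs[-1] = (ATTR_MESSAGE_AUTHENTICATOR, message_authenticator(code, ident, attrs, request_auth, secret))
    body = encode_attrs(attrs)
    auth = response_authenticator(code, ident, body, request_auth, secret)
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(body)) + auth + body

def parse(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt) or length < HEADER_LEN:
        raise ValueError("bad packet length")
    return code, ident, pkt[4:20], decode_attrs(pkt[20:])

def verify_weak(pkt, request_auth, secret):
    """RFC 2865-only client check: trust the packet if the MD5 Response Authenticator matches."""
    code, ident, auth, _ = parse(pkt)
    return hmac.compare_digest(auth, response_authenticator(code, ident, pkt[20:], request_auth, secret))

def verify_hardened(pkt, request_auth, secret):
    """Mitigated client check: Response Authenticator AND exactly one valid Message-Authenticator."""
    if not verify_weak(pkt, request_auth, secret):
        return False
    code, ident, _, attrs = parse(pkt)
    macs = [v for t, v in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if len(macs) != 1 or len(macs[0]) != 16:
        return False
    return hmac.compare_digest(macs[0], message_authenticator(code, ident, attrs, request_auth, secret))

def forge_accept(reject_pkt, request_auth, secret, gadget):
    """On-path attacker: turn the server's Access-Reject into an Access-Accept with a Proxy-State gadget.
    STAND-IN: a real attacker gets a matching Response Authenticator from the MD5 chosen-prefix
    collision and never learns the secret; the secret is used here only to model that outcome.
    Any Message-Authenticator is left exactly as the server sent it, since it cannot be forged."""
    code, ident, _, attrs = parse(reject_pkt)
    if code != ACCESS_REJECT:
        raise ValueError("expected an Access-Reject")
    attrs = [(t, v) for t, v in attrs if t != ATTR_PROXY_STATE] + [(ATTR_PROXY_STATE, gadget)]
    body = encode_attrs(attrs)
    auth = response_authenticator(ACCESS_ACCEPT, ident, body, request_auth, secret)
    return struct.pack("!BBH", ACCESS_ACCEPT, ident, HEADER_LEN + len(body)) + auth + body

def demo(secret=b"constructed-shared-secret", request_auth=bytes(range(16))):
    """Constructed exchange: the server rejects with Message-Authenticator, the attacker forges an accept."""
    reject = build_response(ACCESS_REJECT, 7, [(ATTR_REPLY_MESSAGE, b"denied")], request_auth, secret, True)
    forged = forge_accept(reject, request_auth, secret, b"\xaa" * 64)
    return {
        "forged_code": parse(forged)[0],                                           # 2 == Access-Accept
        "weak_accepts_forgery": verify_weak(forged, request_auth, secret),          # True
        "hardened_accepts_forgery": verify_hardened(forged, request_auth, secret),  # False
        "hardened_accepts_genuine": verify_hardened(reject, request_auth, secret),  # True
    }
```

Running `demo()` shows the two checks side by side: the RFC 2865-only client accepts the forged Access-Accept because its Response Authenticator matches, while the hardened client rejects it because the Message-Authenticator the server computed over the Access-Reject no longer verifies against the rewritten packet. Requiring the attribute (rather than merely verifying it when present) is the part that matters: an attacker can strip an optional attribute as easily as rewrite the code byte.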