PT-2013-5389 · Apple · OS X Server

Arek Dreyer · Published 2013-10-24 · Updated 2013-10-24 · CVE-2013-5143

CVSS v2.0: 6.8 Medium

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Apple OS X Server versions prior to 3.0

Description

The issue concerns the RADIUS service in Server App, where it selects a fallback X.509 certificate under certain circumstances. This could potentially allow man-in-the-middle attackers to hijack RADIUS sessions if they have knowledge of the private key matching the fallback certificate.

Recommendations

For Apple OS X Server versions prior to 3.0, update to version 3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the RADIUS service until the update can be applied.

Fix

Related Identifiers

CVE-2013-5143

Affected Products

OS X Server