#VU33323 Improper Authentication in FreeRADIUS - CVE-2011-2701

Cybersecurity Help s.r.o.

Published: 2011-08-04 | Updated: 2020-08-03

Vulnerability identifier: #VU33323

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-2701

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
FreeRADIUS
Server applications / Directory software, identity management

Vendor: FreeRADIUS Server Project

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.

Mitigation
Install update from vendor's website.

Vulnerable software versions

FreeRADIUS: 2.1.11

External links
https://secunia.com/advisories/45425
https://securityreason.com/securityalert/8325
https://securitytracker.com/id?1025833
https://www.openwall.com/lists/oss-security/2011/07/15/6
https://www.openwall.com/lists/oss-security/2011/07/18/2
https://www.openwall.com/lists/oss-security/2011/07/20/9
https://www.securityfocus.com/archive/1/518974/100/0/threaded
https://www.securityfocus.com/bid/48880
https://bugzilla.redhat.com/show_bug.cgi?id=724815
https://exchange.xforce.ibmcloud.com/vulnerabilities/68782
https://www.dfn-cert.de/informationen/Sicherheitsbulletins/dsb-2011-01.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Improper Authentication in freeradius (Alpine package)

Improper Authentication in FreeRADIUS