Sign In

CVE-2024-3596

ADVISORY - nist

Summary

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

EPSS Score: 0.0104 (0.764)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-328

Use of Weak Hash

CWE-354

Improper Validation of Integrity Check Value

CWE-924

Improper Enforcement of Message Integrity During Transmission in a Communication Channel

ADVISORY - redhat

CWE-294

Authentication Bypass by Capture-replay

CWE-836

Use of Password Hash Instead of Password for Authentication

CWE-924

Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in