CVE-2017-9148 – freeradius: TLS resumption authentication bypass

https://notcve.org/view.php?id=CVE-2017-9148

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS. La caché de una sesión TLS en FreeRADIUS versiones 2.1.1 hasta 2.1.7, versiones 3.0.x anteriores a 3.0.14, versiones 3.1.x antes de 04-02-2017, y versiones 4.0.x antes de 04-02-2017, no puede impedir de manera fiable la reanudación de una sesión no autenticada, que permite a los atacantes remotos (como requirentes maliciosos 802.1X) para omitir la autenticación por medio de PEAP o TTLS. An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handled TLS session resumption. A remote unauthenticated attacker could potentially use this flaw to bypass the inner authentication check in FreeRADIUS by resuming an older unauthenticated TLS session. • http://freeradius.org/security.html http://seclists.org/oss-sec/2017/q2/422 http://www.securityfocus.com/bid/98734 http://www.securitytracker.com/id/1038576 https://access.redhat.com/errata/RHSA-2017:1581 https://security.gentoo.org/glsa/201706-27 https://access.redhat.com/security/cve/CVE-2017-9148 https://bugzilla.redhat.com/show_bug.cgi?id=1456697 • CWE-287: Improper Authentication •