FreeRADIUS is the world’s most popular RADIUS server. The vast majority of RADIUS servers are based on FreeRADIUS development, including many open source and commercial applications. In addition, it has not only provided financial support for Fortune 500 companies and tier-one ISPs, but many enterprise Wi-Fi and IEEE 802.1X networks, especially in the education community, also use FreeRADIUS.
The vulnerability (CVE-2017-9148) exists in the TTLS and PEAP implementations. It is triggered when the server processes a reconnected (resumed) TLS connection, and it allows an attacker to bypass the system’s internal authentication mechanism.
Researchers wrote in their published vulnerability report:
“When FreeRADIUS handles a reconnected TLS connection, the TTLS and PEAP implementations in FreeRADIUS will bypass the system’s internal authentication mechanism. The key question now is that unless the initial link to the TLS session has successfully passed internal authentication, the server should never allow the TLS session to be reconnected, but unfortunately the FreeRADIUS versions affected by this vulnerability simply cannot effectively prevent an unauthenticated TLS session from being reconnected unless the system completely disables the TLS session cache. It means that an attacker will be able to bypass the validation mechanism within the system without sending any valid credentials.”
An interruption of the connection is normal. For example, when a user on a TLS communication link moves from one station to another, the communication is interrupted and then reconnected. Because of this vulnerability, the system does not require the user to authenticate again on reconnection.
The FreeRADIUS versions affected by CVE-2017-9148 are as follows:
2.2.x: all versions;
3.0.x (stable version): all versions before 3.0.14;
3.1.x and 4.0.x (development versions): all versions before 2017-02-04.
System administrators running FreeRADIUS need to update to version 3.0.14 to resolve the problem; the current mitigation is to disable the TLS session cache.
The vulnerability mitigation measures given in the vulnerability report are as follows:
(A) Disable the TLS session cache, that is, set the enabled parameter to no (enabled = no) in the cache section of the EAP module settings.
(B) Update to version 3.0.14.
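
A defender can check both measures together. The following is an added example, not code from the vulnerability report or from the FreeRADIUS project: it applies the affected-version list above to a version string and looks for an enabled cache section in the EAP module configuration. The function names and the sample configuration are constructed for illustration; the script accepts the spelling enabled used above as well as enable, and assumes a cache that is not explicitly set to yes is off.

```python
import re

# Constructed sample of an EAP module file (not taken from a real deployment).
SAMPLE_EAP = """
eap {
    default_eap_type = peap
    tls-config tls-common {
        cache {
            # enable = no
            enable = yes
        }
    }
}
"""

def version_affected(version):
    """True/False per the affected-version list; None if the number alone cannot decide."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    if parts[:2] == (2, 2):
        return True                    # 2.2.x: all versions
    if parts[:2] == (3, 0):
        return parts < (3, 0, 14)      # 3.0.x: before 3.0.14
    return None                        # 3.1.x/4.0.x depend on build date; others not listed

def tls_cache_enabled(eap_conf):
    """True if an uncommented enable/enabled = yes sits directly inside a cache { } section."""
    stack, enabled = [], False
    for raw in eap_conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        opened = re.match(r'^([\w-]+)(?:\s+[\w-]+)?\s*\{$', line)
        if opened:
            stack.append(opened.group(1))        # entering a section
        elif line == "}":
            if stack:
                stack.pop()                      # leaving a section
        elif stack and stack[-1] == "cache":
            m = re.match(r'^enabled?\s*=\s*"?(\w+)"?$', line)
            if m:
                enabled = m.group(1).lower() == "yes"
    return enabled

def assess(version, eap_conf):
    """Combine both checks into one verdict string."""
    affected = version_affected(version)
    if affected is False:
        return "patched"
    if not tls_cache_enabled(eap_conf):
        return "mitigated"
    return "exposed" if affected else "unknown"

if __name__ == "__main__":
    print(assess("3.0.13", SAMPLE_EAP))
```

A result of "unknown" means a 3.1.x or 4.0.x development build (or an unlisted branch) with the cache on, where the build date has to be compared against 2017-02-04 by hand.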