Aruba AOS-8: CVE-2024-3596: RADIUS protocol susceptible to forgery attacks
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:H/Au:N/C:C/I:C/A:C) | 2024-07-12 | 2025-01-14 | 2025-02-04 |
Description
A forgery attack has been discovered against the Response Authenticator in RADIUS/UDP, specifically targeting RFC 2865. This attack allows a man-in-the-middle to forge a valid Access-Accept response to a client request that was initially rejected by the RADIUS server, thereby granting unauthorized network access. The vulnerability exploits a chosen-prefix collision attack on MD5, manipulating the first byte and packet attributes of Access-Reject messages to match the Response Authenticator of a forged Access-Accept message. The attack requires appending a minimal amount of collision block gibberish to the Access-Request, which is then encapsulated in Proxy-State attributes and processed by the server, ensuring the computed Response Authenticator matches for both the legitimate Access-Reject and the forged Access-Accept.

The attacker must have man-in-the-middle access between the RADIUS client and server and the ability to trigger an Access-Request. By predicting the Access-Reject response and computing an MD5 chosen-prefix collision (within 5 to 6 minutes, potentially faster with more resources), the attacker can modify the client request, remove any Message-Authenticator attributes if PAP authentication is used, and forge an Access-Accept response by copying the Response Authenticator from the Access-Reject response. This modified response, when sent to the client, grants the attacker unauthorized access to resources authenticated/authorized via RADIUS.
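The following is an added example, not code from this advisory or from Aruba. It models the two checks a RADIUS client can apply to a response: the RFC 2865 Response Authenticator (unkeyed MD5, which the collision described above defeats) and the RFC 2869 Message-Authenticator (HMAC-MD5 keyed with the shared secret). Requiring a valid Message-Authenticator on every response is the mitigation; the shared secret, Request Authenticator and attribute values are constructed for the demonstration.

```python
import hashlib
import hmac

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3
MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 2869)

def encode(code, ident, authenticator, attrs):
    """Serialize header + type/length/value attributes (RFC 2865 section 3)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return bytes([code, ident]) + (20 + len(body)).to_bytes(2, "big") + authenticator + body

def decode(packet):
    """Inverse of encode: (code, ident, authenticator, [(type, value), ...])."""
    attrs, pos = [], 20
    while pos < len(packet):
        attrs.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return packet[0], packet[1], packet[4:20], attrs

def response_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2865: MD5(Code|ID|Length|RequestAuth|Attributes|Secret). Unkeyed MD5 over a
    prefix the attacker can shape (e.g. via Proxy-State) is what the collision abuses."""
    return hashlib.md5(encode(code, ident, request_auth, attrs) + secret).digest()

def message_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2869 5.14: HMAC-MD5 keyed with the secret over the packet, computed with the
    Message-Authenticator value zeroed and the Request Authenticator in the header."""
    zeroed = [(t, bytes(16) if t == MSG_AUTH else v) for t, v in attrs]
    return hmac.new(secret, encode(code, ident, request_auth, zeroed), "md5").digest()

def server_response(code, ident, request_auth, attrs, secret, sign=True):
    """Server side. sign=False models a legacy server that omits Message-Authenticator."""
    attrs = list(attrs)
    if sign:
        attrs.append((MSG_AUTH, bytes(16)))
        attrs[-1] = (MSG_AUTH, message_authenticator(code, ident, request_auth, attrs, secret))
    return encode(code, ident, response_authenticator(code, ident, request_auth, attrs, secret), attrs)

def client_accepts(packet, request_auth, secret, require_msg_auth):
    """Client side. The Response Authenticator check alone is what the forgery defeats;
    require_msg_auth=True is the mitigation: reject any response lacking a valid HMAC."""
    code, ident, auth, attrs = decode(packet)
    if not hmac.compare_digest(auth, response_authenticator(code, ident, request_auth, attrs, secret)):
        return False
    macs = [v for t, v in attrs if t == MSG_AUTH]
    if not macs:
        return not require_msg_auth
    expected = message_authenticator(code, ident, request_auth, attrs, secret)
    return len(macs) == 1 and hmac.compare_digest(macs[0], expected)
```

A response from a server that does not send Message-Authenticator is only accepted when `require_msg_auth` is False, which is the legacy posture the forgery relies on.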
Solution
aruba-aos-8-cve-2024-3596