Vulnerability CVE-2024-3596
Name: CVE-2024-3596
Source: NVD, Debian
Description: The RADIUS protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against the MD5 Response Authenticator signature.
Published Date:
Updated Date:
Workaround: -

Analysis


Vulnerability Ratings

CVSSv31: 9
CVSSv31: 9
other: NaN

Other affected components

| Name | Project | Project Version | Version | Status |
|---|---|---|---|---|
| | buildroot | 2025.02.x | 2.11 | Not Affected |
| | buildroot | 2025.02.x | 1.21.3 | Not Affected |
| | buildroot | 2025.02.x | 2.11 | Not Affected |
| | buildroot | master | 2.11 | Not Affected |
| | buildroot | master | 1.22.2 | Not Affected |
| | buildroot | master | 2.11 | Not Affected |
| | openwrt | master | 2026.04.02~b004de0bf1b54d669d358b7f33d6f474bd9719a6-r1 | Not Affected |
| | openwrt | master | 2020.06.08~5a8b366233f5585e68a4ffbb604fbb4a848eb325-r10 | Not Affected |
| | openwrt | master | 1.22.2-r1 | Not Affected |
| | openwrt | openwrt-25.12 | 2025.08.26~ca266cc24d8705eb1a2a0857ad326e48b1408b20-r1 | Not Affected |
| | openwrt | openwrt-25.12 | 2020.06.08~5a8b366233f5585e68a4ffbb604fbb4a848eb325-r10 | Not Affected |
| | openwrt | openwrt-25.12 | 1.22.1-r1 | Not Affected |
| | yocto | master | 2.11 | Not Affected |
| | yocto | master | 1.22.2 | Not Affected |
| | yocto | master | 2.11 | Not Affected |
| | yocto | scarthgap | 2.10 | Patched |
| | yocto | scarthgap | 1.21.3 | Patched |
| | yocto | scarthgap | 2.10 | Patched |

Resolved with patches


hostapd (yocto:kirkstone)

| # | Title | Author | Resolve |
|---|---|---|---|
| 1 | Require Message-Authenticator in Access-Reject even | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 2 | SAE: Check for invalid Rejected Groups element length | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 3 | RADIUS: Allow Message-Authenticator attribute as the | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 4 | RADIUS: Check Message-Authenticator if it is present even | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 5 | RADIUS: Require Message-Authenticator attribute in MAC | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 6 | hostapd: Move Message-Authenticator attribute to be the | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 7 | RADIUS DAS: Move Message-Authenticator attribute to be | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 8 | RADIUS server: Place Message-Authenticator attribute as | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |

krb5 (yocto:kirkstone)

| # | Title | Author | Resolve |
|---|---|---|---|
| 1 | Generate and verify message MACs in libkrad | Julien Rische <jrische@redhat.com> | CVE-2024-3596 |

wpa-supplicant (yocto:kirkstone)

| # | Title | Author | Resolve |
|---|---|---|---|
| 1 | Require Message-Authenticator in Access-Reject even | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 2 | SAE: Check for invalid Rejected Groups element length | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 3 | eapol_test: Move Message-Authenticator attribute to be | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 4 | RADIUS: Allow Message-Authenticator attribute as the | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 5 | RADIUS: Check Message-Authenticator if it is present even | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 6 | RADIUS: Require Message-Authenticator attribute in MAC | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 7 | hostapd: Move Message-Authenticator attribute to be the | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 8 | RADIUS DAS: Move Message-Authenticator attribute to be | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 9 | RADIUS server: Place Message-Authenticator attribute as | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |

hostapd (yocto:scarthgap)

| # | Title | Author | Resolve |
|---|---|---|---|
| 1 | Require Message-Authenticator in Access-Reject even | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 2 | SAE: Check for invalid Rejected Groups element length | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 3 | ieee802_11_auth: Coding style cleanup - no string | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 4 | RADIUS: Allow Message-Authenticator attribute as the | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 5 | RADIUS: Check Message-Authenticator if it is present even | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 6 | RADIUS: Require Message-Authenticator attribute in MAC | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 7 | hostapd: Move Message-Authenticator attribute to be the | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 8 | RADIUS DAS: Move Message-Authenticator attribute to be | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 9 | RADIUS server: Place Message-Authenticator attribute as | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |

krb5 (yocto:scarthgap)

| # | Title | Author | Resolve |
|---|---|---|---|
| 1 | Generate and verify message MACs in libkrad | Julien Rische <jrische@redhat.com> | CVE-2024-3596 |

wpa-supplicant (yocto:scarthgap)

| # | Title | Author | Resolve |
|---|---|---|---|
| 1 | Require Message-Authenticator in Access-Reject even | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 2 | SAE: Check for invalid Rejected Groups element length | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 3 | eapol_test: Move Message-Authenticator attribute to be | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 4 | RADIUS: Allow Message-Authenticator attribute as the | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 5 | RADIUS: Check Message-Authenticator if it is present even | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 6 | RADIUS: Require Message-Authenticator attribute in MAC | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 7 | hostapd: Move Message-Authenticator attribute to be the | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 8 | RADIUS DAS: Move Message-Authenticator attribute to be | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |
| 9 | RADIUS server: Place Message-Authenticator attribute as | Jouni Malinen <j@w1.fi> | CVE-2024-3596 |