You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
radius protocol
About this tag
The RADIUS protocol is a foundational networking protocol used for authentication, authorization, and accounting (AAA) in enterprise and industrial environments. Recent discussions on WindowsForum highlight a critical vulnerability, CVE-2024-3596, which exploits a chosen-prefix collision attack against the MD5-based RADIUS Response Authenticator defined in RFC 2865. This flaw affects devices from vendors such as Hitachi Energy and Siemens, including substation and network edge products like AFS, AFR, AFF, SIPROTEC, and SICAM. The vulnerability allows local attackers to forge authentication responses, potentially granting or denying network access and compromising device integrity. Mitigation involves enabling the RADIUS Message-Authenticator option and applying vendor firmware updates. These threads underscore the importance of securing RADIUS deployments in critical infrastructure.
Hitachi Energy's AFS, AFR and AFF series of substation and network edge devices are vulnerable to a cryptographic attack against the RADIUS protocol that can let a local attacker forge authentication responses, potentially granting or denying network access, corrupting session state, and...
When critical infrastructure depends on the seamless operation of digital devices, security vulnerabilities in foundational industrial products can have far-reaching effects across sectors and national borders. Recent advisories concerning the Siemens SIPROTEC and SICAM product families have...