My next class:

FreeRadius Authentication Bypass

Published: 2017-05-30. Last Updated: 2017-05-30 11:43:26 UTC
by Johannes Ullrich (Version: 1)
2 comment(s)

The RADIUS protocol was originally introduced to authenticate dial-up users.( "Remote Authentication Dial-In User Service). While dial-up modems are gone, RADIUS has stuck around as an all-around authentication protocol for various network devices. RADIUS itself assumes a secure connection, which was fine during dial-up days, but in modern networks, RADIUS usually relies on TLS. 

Today, Stefan Winter released details about a vulnerability in FreeRADIUS, an open source implementation of the RADIUS protocol, which can be used to authenticate successfully without ever sending valid credentials [1].

TLS can "resume connections." The server caches the session keys to make this possible, and if a client connects back with a known TLS session ID, the keys are retrieved from its cache and used. In itself, the features is not a big problem, and the feature is necessary to achieve optimal performance for TLS. Without being able to resume connections, the TLS handshake has to be established again.

However, the problem with FreeRADIUS is that it assumes that for resumed sessions, the "inner authentication," which is the actual RADIUS authentication, already succeeded. This is not always true. A session may be interrupted, and then resumed, before the authentication succeeded. 

The result is that an attacker can authenticate to a FreeRADIUS server by first connecting, then suspending and resuming the session. No credentials are necessary.

FreeRADIUS released an update. Version 3.0.14 is no longer vulnerable. If you can't patch right now, then you can also turn off TLS session caching by setting "enabled=no" in the cache section of the EAP module settings. The vulnerability has been assigned CVE-2017-9148.

A PoC exploit has been developed, but I have not seen it made public so far.

For details, see the original post by Stefan Winter

[1] http://seclists.org/oss-sec/2017/q2/342

 

---

Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute
STI|Twitter|

Keywords: FreeRADIUS RADIUS TLS
2 comment(s)
My next class:

Comments

Is this a Windows vulnerability or is it any OS that uses Freeradius?
This is a problem with the FreeRADIUS server, no matter what operating system it is running on. Personally, I have only seen FreeRADIUS on Linux. But Windows systems could authenticate to it. Nothing you need to do to the clients.

Diary Archives