Popular RADIUS server exploitable with TLS session caching
'Inner authentication' has bad karma, allows strangers to log in without credentials
Sysadmins with FreeRADIUS – the most widely deployed Remote Authentication Dial-In User Service server – in their boxen need to run an upgrade because there's a bug in its TTLS and PEAP implementations.
Stefan Winter, who works for Luxembourg's high-speed academic network RESTENA, discovered FreeRADIUS's broken TLS session resumption authentication.
To handle comms interruptions (for example, if someone on a TLS connection moves from one cell tower to another), FreeRADIUS supports TLS session resumption, which skips what's called "inner authentication" – meaning the user isn't asked to log in again.
"This is a feature but there is a critical catch: the server must never allow resumption of a TLS session until its initial connection gets to the point where inner authentication has been finished successfully," the advisory states.
"Affected versions of FreeRADIUS fail to reliably prevent resumption of unauthenticated sessions unless the TLS session cache is disabled completely, and allow an attacker (e.g. a malicious supplicant) to elicit EAP Success without sending any valid credentials."
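A toy model of the ordering rule the advisory describes, added here as an illustration and not FreeRADIUS code: the server class, the `cache_after_inner_auth` switch and the sample credential table are all constructed, and the model covers only when a session is admitted to the resumption cache.

```python
"""Model of the EAP-TTLS/PEAP session-cache ordering bug described above.

Constructed example, not FreeRADIUS code: it models only the policy decision of
WHEN a TLS session is admitted to the resumption cache, which is the point the
advisory makes.
"""
from dataclasses import dataclass, field

VALID_CREDENTIALS = {"alice": "correct-horse"}  # constructed sample user database


@dataclass
class EapTlsServer:
    # cache_after_inner_auth=False reproduces the flawed behaviour: any completed
    # outer TLS handshake is cached, even if inner authentication never happened.
    cache_after_inner_auth: bool = True
    session_cache_enabled: bool = True  # the workaround: disable the cache entirely
    _cache: set = field(default_factory=set)
    _next_id: int = 0

    def full_handshake(self, inner_credentials=None):
        """Outer TLS handshake, then (optionally) inner authentication.
        Returns (session_id, eap_success)."""
        self._next_id += 1
        sid = self._next_id
        if self.session_cache_enabled and not self.cache_after_inner_auth:
            self._cache.add(sid)  # flawed: cached before inner auth has run
        if inner_credentials is None:
            return sid, False  # supplicant stopped after the TLS handshake
        user, password = inner_credentials
        ok = VALID_CREDENTIALS.get(user) == password
        if ok and self.session_cache_enabled and self.cache_after_inner_auth:
            self._cache.add(sid)  # fixed: cached only once inner auth succeeded
        return sid, ok

    def resume(self, sid):
        """Resumption skips inner authentication by design, so it must only
        yield EAP Success for sessions the server deliberately cached."""
        return sid in self._cache


def resumption_without_credentials(cache_after_inner_auth, cache_enabled=True):
    """Does a supplicant that never sent credentials get EAP Success on resume?"""
    srv = EapTlsServer(cache_after_inner_auth, cache_enabled)
    sid, _ = srv.full_handshake()  # no inner credentials sent at all
    return srv.resume(sid)
```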
The bug affects FreeRADIUS 2.2.x (a deprecated version still included in some Linux distributions); all versions before 3.0.14 in the stable branch; and, in the 3.1.x and 4.0.x development branches, all builds from before February.
The advisory notes the same bugs were independently spotted by Luboš Pavlíček of the University of Economics, Prague.
If you can't patch immediately, disable TLS session caching. ®