CVE-2024-3596 is reported for the following images:
A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.
I believe this can be resolved by upgrading the ubi9 image to 9.5-*.
Is it possible to spin new versions of these 3 images with the updated ubi version? E.g. 1.6.1?
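The client-side enforcement the description refers to, as an added example that is not part of the original issue or of any project's code: a RADIUS response is accepted only if it carries a Message-Authenticator (HMAC-MD5, RFC 3579) that verifies, in addition to the MD5 Response Authenticator from RFC 2865. The function names, the shared secret and the sample packets are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import struct

MESSAGE_AUTHENTICATOR = 80  # attribute type (RFC 3579), value is 16 bytes


def find_message_authenticator(packet: bytes) -> int:
    """Return the offset of the Message-Authenticator value, or -1 if absent."""
    pos = 20  # attributes start after the 20-byte header
    while pos + 2 <= len(packet):
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > len(packet):
            raise ValueError("malformed attribute")
        if attr_type == MESSAGE_AUTHENTICATOR and attr_len == 18:
            return pos + 2
        pos += attr_len
    return -1


def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Accept a response only if both integrity checks pass."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    try:
        off = find_message_authenticator(packet)
    except ValueError:
        return False
    if off < 0:
        return False  # enforcement: a missing attribute is a failure
    # HMAC-MD5 is computed with the request's authenticator in the header
    # and the attribute's own 16-byte value zeroed.
    zeroed = packet[:4] + request_auth + packet[20:off] + bytes(16) + packet[off + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(expected, packet[off:off + 16]):
        return False
    # Response Authenticator: MD5(header | request auth | attributes | secret)
    resp = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(resp, packet[4:20])


def build_response(code, ident, request_auth, secret, with_ma=True):
    """Build a constructed sample response for testing (not a real capture)."""
    attrs = bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16) if with_ma else b""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    if with_ma:
        mac = hmac.new(secret, header + request_auth + attrs, hashlib.md5).digest()
        attrs = attrs[:2] + mac
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs
```

A response that has a correct Response Authenticator but no Message-Authenticator is rejected here, which is the behaviour "enforced" means in the description above.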