Alcatel-Lucent Enterprise
RADIUS Protocol Vulnerability Security Advisory
Pages
2
Time to read
4 mins
Publication
Language
English
This document is a security advisory detailing a vulnerability identified as CVE-2024-3596 in the RADIUS protocol, which can be exploited to bypass authentication. The advisory describes the nature of the vulnerability, which allows a local attacker to perform forgery attacks by intercepting and modifying valid responses between the RADIUS client and server. It specifies that RADIUS authentication flows secured by TLS or VPN connections are not susceptible to this attack. The advisory lists affected Alcatel-Lucent Enterprise products and their corresponding software versions. It also outlines recommended workarounds to mitigate the vulnerability, including the use of IEEE 802.1X for user and device authentication and enabling RADIUS over TLS for secure communication between devices. The document concludes with a history note indicating its creation date.