OpenAM: Unauthenticated Authentication Bypass via RADIUS Spoofing
Description

An Improper Verification of Cryptographic Signature (CWE-347) issue in OpenAM's RADIUS authentication module allows an unauthenticated network attacker to spoof an Access-Accept response and obtain an OpenAM session for any RADIUS username, without knowing the configured shared secret. This affects OpenAM Community Edition through version 16.0.6 and was patched in version 16.1.1. The RADIUS client opens an unconnected datagram socket and treats the first UDP datagram delivered to its …
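As an added illustration (not OpenAM's code), the RFC 2865 Response Authenticator check a hardened RADIUS client performs before trusting an Access-Accept, beside the naive "trust the first datagram" pattern the advisory describes. The shared secret, server address, Identifier and attributes are constructed test values, and the check assumes a single outstanding request whose Request Authenticator the client retained.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
ACCESS_REJECT = 3
HEADER = struct.Struct("!BBH")  # Code, Identifier, Length; then 16-byte Authenticator


def response_authenticator(code, identifier, attributes, request_auth, secret):
    """RFC 2865 s.3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = HEADER.pack(code, identifier, 20 + len(attributes))
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def build_response(code, identifier, attributes, request_auth, secret):
    """Server-side reply, used here only to produce constructed test vectors."""
    auth = response_authenticator(code, identifier, attributes, request_auth, secret)
    return HEADER.pack(code, identifier, 20 + len(attributes)) + auth + attributes


def naive_accept(datagram):
    """Vulnerable pattern: take the Code of whatever datagram arrives first,
    with no source, Identifier or Response Authenticator check."""
    return datagram[0] if datagram else None


def verify_response(datagram, src, expected_src, expected_id, request_auth, secret):
    """Hardened client check. Returns the RADIUS Code if the reply is authentic,
    otherwise None (the caller treats None as 'no answer', never as Accept)."""
    if src != expected_src or len(datagram) < 20:
        return None  # wrong peer, or shorter than a RADIUS header
    code, identifier, length = HEADER.unpack(datagram[:4])
    if length < 20 or length > len(datagram):
        return None  # RFC 2865 says silently discard
    if identifier != expected_id:
        return None  # does not answer our outstanding request
    attributes = datagram[20:length]  # octets beyond Length are padding
    expected = response_authenticator(code, identifier, attributes, request_auth, secret)
    if not hmac.compare_digest(expected, datagram[4:20]):
        return None  # forged or wrong-secret reply
    return code
```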