Security Update Smart Virtual Appliance / SVA 3.1.1

Date

netgo software GmbH announces the availability of the following security update for the SVA 3:

On July 15th we released update 3.1.1 of the LinOTP Smart Virtual Appliance (SVA) for our customers with an active support and subscription license to mitigate the BlastRADIUS vulnerability.

What is the BlastRADIUS vulnerability?

BlastRADIUS describes a MITM attack that allows to exploit the radius protocol itself. Please read article 2024.07.09 BlastRADIUS Vulnerability at https://www.freeradius.org/security/ for further details regarding the history and criticality of the issue or the practicability of a successful exploit.

Is your LinOTP setup vulnerable to BlastRADIUS?

If your using LinOTP with FreeRADIUS, e.g. on a LinOTP Smart Virtual Appliance, you will be running a vulnerable FreeRADIUS version.

How to mitigate the BlastRADIUS vulnerability?

There is a configuration patch that can be applied to your FreeRADIUS site config. Please refer to the official tutorial in article 2024.07.09 BlastRADIUS Vulnerability - section "If You Cannot Update" on how to apply this patch yourself if you are not running SVA 3.

The update 3.1.1 of LinOTP Smart Virtual Appliance applies this patch, please ensure the update to this version. Please contact the support team for assistance of the regular update or a download link to the latest ISO installer.

For the upcoming container-based architecture, we have already updated FreeRadius to 3.2.5 and provide a new container in our registry. Please contact us at support@linotp.de if you would like to be informed as soon as the new container-based LinOTP Virtual Appliance is available or to get an early-adopter demo version now.

Download

lseappliance 3.3.1 is available as a Debian package from our customer repository.

We are happy to assist our support customers in upgrading their environment to the latest release. Please contact us at support@linotp.de

The LinOTP team

--
netgo software GmbH
https://www.linotp.de
Strong MFA solution by netgo
Branch office Darmstadt, Pallaswiesenstr. 174a, 64293 Darmstadt
Main office, Sachsendamm 63-64, 10829 Berlin
Registerd Office: Amtsgericht Berlin-Charlottenburg, HRB 243718 B
Board of Directors: Matthias Nietz, Constantin Wehmschulte
Germany

Sales Hotline: +49 6151 86086-277, Fax: -299
Email: sales@linotp.de