<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z0000AFrW4FCQVOkta Classic EngineMulti-Factor AuthenticationAnswered2025-11-29T09:00:52.000Z2024-09-26T20:14:36.000Z2025-01-02T19:35:12.000Z

n9oqe (n9oqe) asked a question.

Edited September 26, 2024 at 8:15 PM
OktaRadiusService and CVE-2024-3596 - when will an updated version become available?

Hi there,

 

Does anyone know when an updated version of OktaRadiusServer will be released that addresses CVE-2024-3596? We have an older version running and recently updated a component of our infrastructure that forces the new message-authenticator attribute to address this vulnerability but it broke due to the RADIUS server not supporting that.

 

It looks like the most recent version is 2.22.0 which was released in June but the CVE was published until July.

 

Thanks!

 

https://www.cve.org/CVERecord?id=CVE-2024-3596

  • 15 answers
  • 1.39K views
MarioR.85299 likes this.

  • paul.stiniguta1.508386743840768E12 (Okta, Inc.)

    Hello @n9oqe (n9oqe)​ Thank you for posting on our Community page!

     

    Our team is working on a fix for this, however there is not exact ETA on the release it should be really soon.

    I would recommend to keep on eye on our Release notes, to see when it will be live.

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Expand Post
    Selected as Best

  • paul.stiniguta1.508386743840768E12 (Okta, Inc.)

    Hello @n9oqe (n9oqe)​ Thank you for posting on our Community page!

     

    Our team is working on a fix for this, however there is not exact ETA on the release it should be really soon.

    I would recommend to keep on eye on our Release notes, to see when it will be live.

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Expand Post
    Selected as Best

  • MarioR.85299 (Customer)

    Thank you for posting @n9oqe (n9oqe)​. We have the same issue and are awaiting the fix as well.

  • pct5d (pct5d)

    If possible can you please estimate when the new release will happen? Thank you.

  • paul.stiniguta1.508386743840768E12 (Okta, Inc.)

    Hello, from what I can see this is has not been fixed yet. Our engineering team is still working on a fix. I would recommend to Open a Case with Support and they can provide additional assistance on this matter.

  • MarioR.85299 (Customer)

    We opened a case on 9/25 and the only response we have been receiving from Okta Support is:

     

    Please feel free to check the release notes for when our Engineering team will release the newly updated Radius Agent.

  • n9oqe (n9oqe)

    Just wanted to check in and see if there'd been an update to this. Looks like 2.22.0 is still the most recent version available to download.

     

    We're blocked from upgrading other components of our infrastructure until an updated version of OktaRadiusServer is released.

     

    Thanks again!

    Expand Post

  • OfirS.62678 (MedOne)

    Hi Okta team,

    Any update on this release? Do you have an ETA?

    Thanks!

10 of 15

Loading
OktaRadiusService and CVE-2024-3596 - when will an updated version become available?