CVE-2023-38322

7.5 HIGH

📋 TL;DR

This vulnerability in OpenNDS Captive Portal allows remote attackers to cause a denial-of-service by sending a crafted HTTP request with a missing User-Agent header when BinAuth is enabled. The NULL pointer dereference crashes the OpenNDS service, disrupting captive portal functionality. Organizations using OpenNDS Captive Portal versions before 10.1.2 with BinAuth enabled are affected.
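The bug class described above, as an added C example (not openNDS source code): a header lookup that returns NULL for an absent header, an unsafe consumer that dereferences the result, and a hardened consumer that checks it first. The `struct header` model, all function names and the sample request are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed request model: header name/value pairs (hypothetical type). */
struct header { const char *name; const char *value; };

/* Returns the header value, or NULL when the request has no such header. */
const char *lookup_header(const struct header *h, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcasecmp(h[i].name, name) == 0)  /* header names ignore case */
            return h[i].value;
    return NULL;
}

/* Unsafe pattern: the lookup result goes straight into strlen(), so a
 * request without User-Agent dereferences NULL and the daemon crashes. */
int binauth_arg_unsafe(const struct header *h, size_t n, char *out, size_t len)
{
    const char *ua = lookup_header(h, n, "User-Agent");
    if (strlen(ua) >= len)
        return -2;
    strcpy(out, ua);
    return 0;
}

/* Hardened form: an absent header is an expected input and is handled
 * explicitly (-1) before the pointer is used; -2 means it does not fit. */
int binauth_arg_safe(const struct header *h, size_t n, char *out, size_t len)
{
    const char *ua = lookup_header(h, n, "User-Agent");
    if (ua == NULL)
        return -1;
    int w = snprintf(out, len, "%s", ua);
    return (w < 0 || (size_t)w >= len) ? -2 : 0;
}

int main(void)
{
    struct header no_ua[] = { { "Host", "portal.example" } };  /* constructed */
    char buf[64];
    printf("safe handler, no User-Agent: %d\n", binauth_arg_safe(no_ua, 1, buf, sizeof buf));
    return 0;
}
```

The caller decides what -1 means for the request, for example answering with an error page or passing an empty value to the authentication script.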

💻 Affected Systems

Products:
  • OpenNDS Captive Portal
Versions: All versions before 10.1.2
Operating Systems: Linux-based systems running OpenNDS
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when BinAuth option is enabled in configuration

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service outage of the captive portal, preventing new client authentication and disrupting network access for all users until service restart.

🟠 Likely Case

Intermittent service crashes requiring manual intervention to restart OpenNDS, causing temporary network access disruptions.

🟢 If Mitigated

Minimal impact if BinAuth is disabled or the system is patched; otherwise, service crashes requiring restart.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a simple HTTP request with a missing User-Agent header when BinAuth is enabled.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.1.3

Vendor Advisory: https://github.com/openNDS/openNDS/releases/tag/v10.1.2

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Update OpenNDS to version 10.1.3 or later.
3. Restart the OpenNDS service.
4. Verify the service is running correctly.

🔧 Temporary Workarounds

Disable BinAuth

Disable the BinAuth authentication option in the OpenNDS configuration.

Edit the OpenNDS configuration file and set 'binauth' to 'disabled', or remove the BinAuth configuration.

🧯 If You Can't Patch

  • Disable BinAuth authentication option in configuration
  • Implement network filtering to block HTTP requests with missing User-Agent headers

🔍 How to Verify

Check if Vulnerable:

Check OpenNDS version and verify BinAuth is enabled in configuration

Check Version:

opennds --version

Verify Fix Applied:

Confirm OpenNDS version is 10.1.3 or later and service remains stable after sending test requests

📡 Detection & Monitoring

Log Indicators:

  • OpenNDS crash logs
  • Segmentation fault errors in system logs
  • Service restart messages

Network Indicators:

  • HTTP GET requests with missing User-Agent headers to OpenNDS port

SIEM Query:

source="opennds.log" AND ("segmentation fault" OR "crash" OR "NULL pointer")
