Adrian Johnson
TLDR:
- RADIUS protocol vulnerability called BlastRADIUS allows for MitM attacks
- Attack can bypass integrity checks and authentication
Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle (MitM) attacks and bypass integrity checks under certain circumstances. The vulnerability impacts RADIUS/UDP traffic over the internet, making it crucial for organizations to update to the latest version to mitigate the risk. Specifically, PAP, CHAP, and MS-CHAPv2 authentication methods are the most vulnerable, and using TLS or IPSec can prevent the attack. The vulnerability is tracked as CVE-2024-3596 and has a CVSS score of 9.0. While there is currently no evidence of exploitation in the wild, the risk remains for networks that send RADIUS/UDP traffic over the internet.
Full Article:
Cybersecurity researchers have identified a security vulnerability in the RADIUS network authentication protocol known as BlastRADIUS. This vulnerability, discovered by InkBridge Networks CEO Alan DeKok, allows attackers to conduct Mallory-in-the-middle (MitM) attacks by exploiting certain Access-Request messages without integrity or authentication checks. RADIUS, or Remote Authentication Dial-In User Service, is a client/server protocol that provides centralized authentication, authorization, and accounting (AAA) management for network users.
The vulnerability in BlastRADIUS stems from a fundamental design flaw in the RADIUS protocol, which relies on a hash derived using the MD5 algorithm. This algorithm has been considered cryptographically broken since 2008, making it susceptible to collision attacks. An attacker who can modify RADIUS packets in transit between the client and server could bypass integrity checks and force any user to authenticate and obtain authorization.
Organizations that send RADIUS packets over the internet are at risk of exploitation, but mitigating factors include using TLS for transmitting RADIUS traffic and implementing increased packet security via the Message-Authenticator attribute. It is recommended for internet service providers (ISPs) and organizations using the RADIUS protocol to update their systems to the latest version to prevent potential MitM attacks.
The vulnerability, designated as CVE-2024-3596 and carrying a CVSS score of 9.0, particularly impacts networks that send RADIUS/UDP traffic over the internet, where most RADIUS traffic is transmitted ‘in the clear.’ While there is no current evidence of active exploitation, the risk remains for networks vulnerable to this attack. The attacker would need access to the management VLAN for enterprise networks or be able to intercept RADIUS traffic over intermediate networks for ISPs.
In conclusion, it is essential for organizations to be aware of the BlastRADIUS vulnerability in the RADIUS protocol and take steps to secure their networks against potential MitM attacks. Implementing TLS or IPSec for RADIUS traffic and upgrading to the latest RADIUS server versions are crucial steps in mitigating this vulnerability and protecting network integrity.
