Heimdal

Researchers warn that BlastRADIUS, a flaw in the RADIUS network authentication protocol, lets attackers conduct man-in-the-middle (MitM) attacks.

RADIUS is short for Remote Authentication Dial-In User Service. It is a client/server protocol for authenticating users and devices. Various networked devices like switches, routers, access points, and other routing infrastructure rely on it.

RADIUS runs in the application layer and can use Transmission Control Protocol (TCP) or User Datagram Protocol (UDP).

More about the BlastRADIUS flaw

Blast-RADIUS combines the protocol vulnerability tracked as CVE-2024-3596 with weaknesses in the MD5 hashing algorithm that RADIUS relies on. Together, these give attackers access to RADIUS traffic. From there, attackers are able to:

  • manipulate server responses
  • add arbitrary protocol attributes
  • gain admin privileges on RADIUS devices

[Figure: RADIUS attack diagram]

Source – Blast-RADIUS research team

How can they authenticate as admins without requiring brute force or stealing credentials?

Researchers explained that once an attacker gains access to a network that uses RADIUS, they can alter the RADIUS server's response into any of the valid response types. There are four possible types of response:

  • Access-Accept
  • Access-Reject
  • Access-Challenge
  • Protocol-Error

But in this case, the type doesn’t matter.

This ability allows the attacker to change the Reject response to an Accept or the other way around.

If the attacker intercepts an Access-Challenge response, which is typically used in Multi-Factor Authentication (MFA), they can change it into an Access-Accept response. This will allow them to bypass the MFA used within RADIUS.
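To make concrete what a RADIUS client normally checks on such a response, here is an added Python example (not from the article or the researchers) that builds a reply, recomputes the RFC 2865 MD5 Response Authenticator, and shows that simply rewriting the Code byte from Access-Reject to Access-Accept fails that check, which is why the attack has to defeat MD5 itself rather than just edit the packet. It also verifies the Message-Authenticator attribute (RFC 2869), which the article does not mention but which the published mitigation relies on; the shared secret and Request Authenticator are constructed sample values.

```python
import hashlib
import hmac
import struct

# Response codes the article lists (RFC 2865; Protocol-Error is RFC 7930).
RESPONSE_CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge", 52: "Protocol-Error"}
MESSAGE_AUTHENTICATOR = 80              # attribute type (RFC 2869)
SECRET = b"constructed-shared-secret"   # constructed sample value
REQUEST_AUTH = bytes(range(16))         # constructed Request Authenticator

def build_response(code, ident, request_auth, attrs, secret, msg_auth=False):
    """Assemble a RADIUS reply. Response Authenticator (RFC 2865) is
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    if msg_auth:  # reserve a zeroed Message-Authenticator, fill it in below
        attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + b"\x00" * 16
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    if msg_auth:  # HMAC-MD5 with the Request Authenticator in the auth field
        mac = hmac.new(secret, head + request_auth + attrs, hashlib.md5).digest()
        attrs = attrs[:-16] + mac
    resp_auth = hashlib.md5(head + request_auth + attrs + secret).digest()
    return head + resp_auth + attrs

def response_type(packet):
    return RESPONSE_CODES.get(packet[0], "unknown")

def verify_response_authenticator(packet, request_auth, secret):
    """The only integrity check base RADIUS gives the client: plain MD5."""
    head, given, attrs = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(head + request_auth + attrs + secret).digest()
    return hmac.compare_digest(expected, given)

def verify_message_authenticator(packet, request_auth, secret):
    """HMAC-MD5 check over the packet with the attribute value zeroed.
    Returns None when the reply carries no Message-Authenticator."""
    attrs, pos = packet[20:], 0
    while pos + 2 <= len(attrs):
        typ, length = attrs[pos], attrs[pos + 1]
        if length < 2 or pos + length > len(attrs):
            return False                      # malformed attribute list
        if typ == MESSAGE_AUTHENTICATOR and length == 18:
            given = attrs[pos + 2:pos + 18]
            zeroed = attrs[:pos + 2] + b"\x00" * 16 + attrs[pos + 18:]
            mac = hmac.new(secret, packet[:4] + request_auth + zeroed, hashlib.md5).digest()
            return hmac.compare_digest(mac, given)
        pos += length
    return None

def flip_code(packet, new_code):
    """The same reply with only its Code byte rewritten (e.g. Reject -> Accept)."""
    return bytes([new_code]) + packet[1:]
```

A reply without a Message-Authenticator returns None from the second check, which is the case a client should treat as unverified rather than accepted.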

The researchers also said that

Due to the flexible, proxied nature of the RADIUS protocol, any server in the chain of proxied RADIUS servers can be targeted to succeed in the attack.

Source – Carnegie Mellon University, Vulnerability Note VU#456537

Prevention measures against BlastRADIUS attacks

Security specialists find the exploitability of this RADIUS flaw concerning, and say that the MD5 hashing algorithm can no longer be considered reliable for this purpose.

The recent publication of the “Blast RADIUS” exploit has shown that RADIUS needs to be updated. It is no longer acceptable for RADIUS to rely on MD5 for security. It is no longer acceptable to send device or location information in clear text across the wider Internet.

Source – IETF

For the moment, researchers urge network admins to enforce the following prevention measures:


Author Profile

Livia Gyongyoși

Communications and PR Officer
