Security News > 2024 > July > Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack

A new critical security vulnerability in the RADIUS protocol, dubbed BlastRADIUS, leaves most networking equipment open to Man-in-the-Middle attacks.
To protect businesses from BlastRADIUS, "Every network switch, router, firewall, VPN concentrator, access point, and DSL gateway worldwide needs to be updated to add integrity and authentication checks for these packets," explains Alan DeKok, CEO of InkBridge Networks and one of the foremost experts on RADIUS servers.
"The RADIUS protocol allows certain Access-Request messages to have no integrity or authentication checks. As a result, an attacker can modify these packets without detection. The attacker could force any user to authenticate and give any authorization to that user."
"The RADIUS protocol is a foundational element of most network access systems worldwide. As of July 9, nearly all of these systems are no longer secure. The discovery of the BlastRADIUS issue means that network technicians must install firmware upgrades on every device involved in network security, identity, and authentication. We believe that Internet service providers, enterprises, and most cloud identity providers are likely to be affected by this issue," said DeKok.
"ISPs will have to upgrade their RADIUS servers and networking equipment. Anyone using MAC address authentication, or RADIUS for administrator logins to switches is vulnerable. Using TLS or IPSec prevents the attack, and 802.1X is not vulnerable." . For most enterprises, the attacker would already need access to the management VLAN. ISPs can be vulnerable if they send RADIUS traffic over intermediate networks, such as third-party outsourcers or the wider Internet.
For networking equipment, install any firmware update that is available from your network equipment vendor.
News URL
https://www.helpnetsecurity.com/2024/07/09/blastradius-radius-protocol-vulnerability/
Related news
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)