Security News > 2024 > July > Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack

A new critical security vulnerability in the RADIUS protocol, dubbed BlastRADIUS, leaves most networking equipment open to Man-in-the-Middle attacks.

To protect businesses from BlastRADIUS, "Every network switch, router, firewall, VPN concentrator, access point, and DSL gateway worldwide needs to be updated to add integrity and authentication checks for these packets," explains Alan DeKok, CEO of InkBridge Networks and one of the foremost experts on RADIUS servers.

"The RADIUS protocol allows certain Access-Request messages to have no integrity or authentication checks. As a result, an attacker can modify these packets without detection. The attacker could force any user to authenticate and give any authorization to that user."

"The RADIUS protocol is a foundational element of most network access systems worldwide. As of July 9, nearly all of these systems are no longer secure. The discovery of the BlastRADIUS issue means that network technicians must install firmware upgrades on every device involved in network security, identity, and authentication. We believe that Internet service providers, enterprises, and most cloud identity providers are likely to be affected by this issue," said DeKok.

"ISPs will have to upgrade their RADIUS servers and networking equipment. Anyone using MAC address authentication, or RADIUS for administrator logins to switches is vulnerable. Using TLS or IPSec prevents the attack, and 802.1X is not vulnerable." . For most enterprises, the attacker would already need access to the management VLAN. ISPs can be vulnerable if they send RADIUS traffic over intermediate networks, such as third-party outsourcers or the wider Internet.

For networking equipment, install any firmware update that is available from your network equipment vendor.

News URL

https://www.helpnetsecurity.com/2024/07/09/blastradius-radius-protocol-vulnerability/