Security News > 2024 > July > RADIUS networking protocol blasted into submission through MD5-based flaw

Our attack requires the adversary to have network access to act as a man-in-the-middle attacker on the connection between the victim device's RADIUS client and RADIUS server.

The Blast RADIUS flaw is understood to affect RADIUS deployments that use PAP, CHAP, MS-CHAPv2, and other non-EAP authentication methods.

Blast RADIUS hinges on the way RADIUS clients and servers handle authentication requests, and involves performing collision attacks against the MD5 hashing function.

MD5 has been demonstrably broken since the 2000s, though the Blast RADIUS team say their abuse of the algorithm to exploit the RADIUS protocol vulnerability "Is more complex than simply applying an old MD5 collision attack." They say their approach is better in terms of speed and scale.

As we indicated, a successful Blast RADIUS attack involves someone manipulating a victim's client-server RADIUS traffic to authenticate themselves to one of the target's clients - such as a router - to cause further mischief and mayhem, all without the need for a valid password.

This guidance is being put into an upcoming RADIUS RFC. The best mitigation for client-server RADIUS deployments, we're told, is to implement RADIUS over TLS to protect RADIUS packets in a strongly encrypted stream from miscreants.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/10/radius_critical_vulnerability/