Security News > 2024 > July > BlastRADIUS Vulnerability Discovered in RADIUS Protocol Used in Corporate Networks and Cloud

BlastRADIUS Vulnerability Discovered in RADIUS Protocol Used in Corporate Networks and Cloud
2024-07-11 20:08

A BlastRADIUS attack involves the attacker intercepting network traffic between a client, such as a router, and the RADIUS server.

While MD5 is well-known to have weaknesses that allow attackers to generate collisions or reverse the hash, the researchers say that the BlastRADIUS attack "Is more complex than simply applying an old MD5 collision attack" and more advanced in terms of speed and scale.

Exploiting the vulnerability leverages a man-in-the-middle attack on the RADIUS authentication process.

In a BlastRADIUS attack, the attacker intercepts and manipulates the Access-Request message before it reaches the server in an MD5 collision attack.

You can read a full technical description and proof-of-concept of a BlastRADIUS attack in this PDF. How easy is it for an attacker to exploit the BlastRADIUS vulnerability?

The attacker must be well-funded, as a significant amount of cloud computing power is required to pull off each BlastRADIUS attack.


News URL

https://www.techrepublic.com/article/blastradius-vulnerability-radius-protocol/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Protocol 12 0 1 15 1 17