Blast-RADIUS: Major vulnerability found in common protocol
Used everywhere, from home internet to VPNs
Security researchers have discovered a vulnerability in the Remote Authentication Dial-In User Service (RADIUS) protocol, which attackers could use to gain unauthorised access to corporate networks, internet service providers (ISPs) and even critical infrastructure.
RADIUS is widely used for authenticating devices and users on networks. It's used in everything from DSL and home internet connections (FTTH) to Wi-Fi access, cellular networks and even private VPNs.
However, researchers warn that a vulnerability (CVE-2024-3596) in its design, coupled with the use of a cryptographically broken hashing algorithm (MD5), creates a security hole that attackers can exploit.
"The RADIUS protocol allows certain Access-Request messages to have no integrity or authentication checks," InkBridge Networks CEO Alan DeKok, the creator of the FreeRADIUS Project, said.
"As a result, an attacker can modify these packets without detection. The attacker would be able to force any user to authenticate, and to give any authorisation (VLAN, etc.) to that user."
The attack, dubbed "Blast-RADIUS," works by tricking the RADIUS server into accepting a fake login attempt. The attacker positions themselves between the client device and the RADIUS server, essentially becoming a "man-in-the-middle."
They can then manipulate the communication and forge a message that appears to be a successful login, essentially granting them access to the network.
What's particularly concerning is that this attack doesn't require stealing passwords or cracking encryption.
"Our attack combines a novel protocol vulnerability with an MD5 chosen-prefix collision attack and several new speed and space improvements," the researchers said.
"The attacker injects a malicious attribute into a request that causes a collision between the authentication information in the valid server response and the attacker's desired forgery. This allows the attacker to turn a reject into an accept, and add arbitrary protocol attributes."
The severity of this vulnerability stems from several factors.
RADIUS relies on MD5 for data integrity checks, a method deemed insecure since 2008 due to its susceptibility to collision attacks. This means attackers can generate a fake response packet that appears legitimate to the server.
Moreover, the data packets RADIUS transmits are unencrypted by default, making them vulnerable to interception and manipulation on the network, especially when sent over the internet.
Organisations that rely on RADIUS for network authentication, like ISPs, are the most vulnerable, especially if they transmit RADIUS traffic unencrypted over the internet.
Similarly, networks using RADIUS for switch administration, user authentication with specific methods (PAP, CHAP, MS-CHAPv2), or MAC address authentication are at risk.
While there are no reports of Blast-RADIUS being actively exploited, its potential for widespread damage makes immediate action crucial.
There's no fix for end-users at this point. However, network administrators and device vendors can take steps to mitigate the risk.
They are advised to upgrade to RADIUS over TLS (RADSEC), which uses stronger encryption; to implement "multihop" RADIUS deployments; and to isolate RADIUS traffic on a separate network segment with restricted access to minimise the risk of interception.