Old encryption technique in RADIUS protocol opens doors for hackers

Authentication protocol used extensively in corporate networks

A vulnerability in the RADIUS protocol allows hackers to penetrate mission-critical network infrastructure. The problem stems from the protocol’s use of outdated encryption techniques.

The RADIUS protocol has been in service since 1991. Protocols and security techniques have been revised several times since then, in part to make them more secure. The encryption technique within RADIUS does not appear to have kept pace with those developments, and this has now resulted in a vulnerability.

Hackers can use “BlastRADIUS” (CVE-2024-3596), as the vulnerability is known, to set up a man-in-the-middle attack. The attack makes it possible to send an approval signal after an authentication request has been denied. This redirection is possible through a combination of weaknesses in the protocol that can be exploited in an MD5 collision attack. The attacker then has access to network devices and services without having to log in.

Use in corporate networks

RADIUS has become a standard in enterprise networks over the years. The protocol handles things like authentication to access switches, routers, VPNs, and ISP services. It also handles Wi-Fi requests over the IEEE 802.1X standard and network authentication for connections over 2G, 3G, and 5G. The protocol is therefore ingrained in all sorts of systems, which further increases the danger of the vulnerability.

Implementations of the protocol are affected when they use authentication methods over UDP, with the exception of those over EAP. The researchers who tracked down BlastRADIUS recommend that companies with vulnerable implementations request a patch from their vendors. They can also enforce that all RADIUS requests and responses use Message-Authenticator attributes for increased security.
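The check that this recommendation implies, as an added example that is not code from the researchers or from any vendor: it parses a RADIUS packet and reports whether its Message-Authenticator attribute (type 80, HMAC-MD5 keyed with the shared secret) is missing, invalid or valid. The function names, the `build_packet` helper and the sample values used with it are assumptions made for this illustration, and the Response Authenticator field is not checked here.

```python
import hashlib
import hmac
import struct

MESSAGE_AUTHENTICATOR = 80  # attribute type (RFC 2869); value is 16 bytes

def find_attributes(packet, wanted):
    """Return (length, [(value_offset, value_len), ...]) for attributes of type `wanted`."""
    (length,) = struct.unpack("!H", packet[2:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    found, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        if packet[pos] == wanted:
            found.append((pos + 2, packet[pos + 1] - 2))
        pos += packet[pos + 1]
    return length, found

def _mac(packet, offset, secret, request_auth):
    """HMAC-MD5 over the packet with the attribute value zeroed. Responses are
    computed over the Request Authenticator of the matching Access-Request."""
    buf = bytearray(packet)
    buf[offset:offset + 16] = bytes(16)
    if request_auth is not None:
        buf[4:20] = request_auth
    return hmac.new(secret, bytes(buf), hashlib.md5).digest()

def check_message_authenticator(packet, secret, request_auth=None):
    """Return 'missing', 'invalid' or 'valid' for one RADIUS packet."""
    length, found = find_attributes(packet, MESSAGE_AUTHENTICATOR)
    if not found:
        return "missing"
    if len(found) != 1 or found[0][1] != 16:
        return "invalid"
    offset = found[0][0]
    expected = _mac(packet[:length], offset, secret, request_auth)
    return "valid" if hmac.compare_digest(expected, packet[offset:offset + 16]) else "invalid"

def build_packet(code, ident, authenticator, attrs, secret=None, request_auth=None):
    """Constructed sample-data helper: encode a packet, signed when `secret` is given."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    if secret is not None:
        body = bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16) + body
    pkt = bytes([code, ident]) + struct.pack("!H", 20 + len(body)) + authenticator + body
    if secret is not None:
        pkt = pkt[:22] + _mac(pkt, 22, secret, request_auth) + pkt[38:]
    return pkt
```

A receiver that enforces the attribute drops every packet for which this check returns anything other than "valid"; for a response, `request_auth` must be the 16-byte authenticator of the request it answers.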

Protocol origins

Originally, the use cases for the protocol were far more limited. The Remote Authentication Dial-In User Service, the full name of RADIUS, was designed to digitally connect Michigan universities. Later, in 1997, the protocol was given a larger task as an Internet Engineering Task Force (IETF) standard. With that designation, it became a network protocol that grants access to, authenticates and registers users who want to connect to a remote network.
