Security researchers have discovered a vulnerability in the RADIUS protocol, the foundation of modern network infrastructure. The vulnerability, known as Blast-RADIUS, allows attackers to access network devices and services without requiring passwords.
Blast-RADIUS enables a man-in-the-middle (MITM) attack in which the attacker forges protocol acceptance messages in response to failed authentication requests. This allows unauthorized access to network devices and services without the need for passwords or secrets, while the user's account credentials remain secure.
The vulnerability affects all RADIUS implementations that use non-EAP authentication methods over UDP, putting organizations that rely on RADIUS to manage network access at risk. This includes large corporate networks, Internet providers, and telecommunication companies.
Although it was developed in 1991 for the dial-up Internet era, RADIUS remains a standard authentication protocol for remote access to network devices. Almost all switches, routers, access points, and VPN concentrators sold over the past two decades support RADIUS.
The vulnerability stems from the protocol having been designed before modern cryptographic standards, which left it with inadequate encryption and authentication. RADIUS relies on the MD5 hash function and a fixed shared secret between the client and server for authentication.
An attacker initiates the Blast-RADIUS attack by manipulating the client's request to introduce a malicious Proxy-State attribute, causing the server to authenticate and authorize the attacker without the need for passwords or secrets. By exploiting an MD5 chosen-prefix collision, the attacker can modify server responses to gain unauthorized access to network devices and services.
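The two mechanisms described above, MD5 over a fixed shared secret and the Proxy-State attribute, are shown in this added Python example (not code from the researchers or from any RADIUS product). It computes the RFC 2865 Response Authenticator, verifies a response against it, and flags non-EAP requests that carry Proxy-State; the secret, packets and function names are constructed for illustration.

```python
import hashlib, hmac, struct

PROXY_STATE, EAP_MESSAGE = 33, 79   # attribute types (RFC 2865, RFC 3579)
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def build(code, ident, authenticator, attrs):
    """Serialize a RADIUS packet from (type, value) attribute pairs."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def parse_attrs(packet):
    """Return (code, [(type, value), ...]), rejecting malformed lengths."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return code, attrs

def response_authenticator(response, request_auth, secret):
    """RFC 2865: MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    return hashlib.md5(response[:4] + request_auth + response[20:] + secret).digest()

def response_is_authentic(response, request_auth, secret):
    """Constant-time check of the 16-byte authenticator field of a response."""
    expected = response_authenticator(response, request_auth, secret)
    return hmac.compare_digest(response[4:20], expected)

def audit_request(packet):
    """Flag the request properties the article associates with Blast-RADIUS."""
    code, attrs = parse_attrs(packet)
    types = {t for t, _ in attrs}
    findings = []
    if code == ACCESS_REQUEST and EAP_MESSAGE not in types:
        findings.append("non-EAP Access-Request")
    if PROXY_STATE in types:  # normal from a proxy, unexpected straight from a NAS
        findings.append("Proxy-State present")
    return findings

# Constructed sample data: secret, request authenticator and packets are made up.
SECRET, REQ_AUTH = b"constructed-secret", bytes(range(16))
REQUEST = build(ACCESS_REQUEST, 7, REQ_AUTH, [(1, b"alice"), (PROXY_STATE, b"\x00" * 8)])
_unsigned = build(ACCESS_REJECT, 7, bytes(16), [(PROXY_STATE, b"\x00" * 8)])
REJECT = _unsigned[:4] + response_authenticator(_unsigned, REQ_AUTH, SECRET) + _unsigned[20:]
TAMPERED = bytes([ACCESS_ACCEPT]) + REJECT[1:]   # code byte changed, hash left as is
```

A response whose code byte is simply flipped fails verification; the check only protects the client as long as MD5 collisions cannot be produced for the hashed packet, which is the property the chosen-prefix collision removes.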
This new vulnerability in the RADIUS protocol, combined with advanced attack techniques, poses a serious security threat to organizations relying on RADIUS for network access management. It allows attackers to bypass authentication and gain access to network resources without the need for passwords or secrets.