Vulnerability discovered in RADIUS protocol
Cybersecurity researchers have discovered a vulnerability in the RADIUS protocol, dubbed BlastRADIUS. While there is no evidence that threat actors are actively exploiting it, the team is calling for all RADIUS servers to be updated.

What is the RADIUS protocol?

RADIUS, or Remote Authentication Dial-In User Service, is a network protocol that provides centralized authentication, authorization, and accounting for users connecting to a network service. It is widely used by Internet service providers and enterprises for switches, routers, access servers, firewalls, and VPN products.

What is a BlastRADIUS attack?

A BlastRADIUS attack involves the attacker intercepting network traffic between a client, such as a router, and the RADIUS server. The attacker must then exploit weaknesses in the MD5 hash algorithm such that an access denied network packet is read by the client as access accepted. The attacker can then gain access to the client device without the correct login credentials.

While it is well known that MD5 has weaknesses that allow attackers to generate collisions or reverse the hash, the researchers say that the BlastRADIUS attack “is more complex than simply applying an old MD5 collision attack” and more advanced in terms of speed and scale. This is the first time that an MD5 attack against the RADIUS protocol has been practically demonstrated.

Who discovered the BlastRADIUS vulnerability?

A team of researchers from Boston University, Cloudflare, BastionZero, Microsoft Research, Centrum Wiskunde & Informatica, and the University of California, San Diego first discovered the BlastRADIUS vulnerability in February and notified Alan DeKok, CEO of InkBridge Networks and a RADIUS expert.

The BlastRADIUS flaw, now identified as CVE-2024-3596 and VU#456537, is due to a “fundamental design flaw in the RADIUS protocol,” according to a security advisory for the FreeRADIUS RADIUS server, maintained by DeKok. It is therefore not limited to a single product or vendor.


“Network technicians will need to install a firmware update and reconfigure virtually every switch, router, GGSN, BNG, and VPN concentrator in the world,” DeKok said in a press release. “We expect to see a lot of conversation and activity related to RADIUS security in the coming weeks.”

Who is affected by the BlastRADIUS flaw?

Researchers have discovered that RADIUS deployments using PAP, CHAP, MS-CHAP, and RADIUS/UDP over the Internet will be affected by the BlastRADIUS flaw. This means that ISPs, cloud identity providers, telcos, and enterprises with internal networks are at risk and must take swift action, especially if RADIUS is used for admin logins.

People using the Internet from home are not directly vulnerable, but they are dependent on their ISP resolving the BlastRADIUS flaw or else their traffic could be directed to a system under the attacker's control.

Companies that use IPsec, TLS or 802.1X protocols, as well as services such as eduroam or OpenRoaming, are considered secure.

How does a BlastRADIUS attack work?

Exploitation of the vulnerability allows a man-in-the-middle attack on the RADIUS authentication process. It relies on the fact that in the RADIUS protocol, some access request packets are unauthenticated and lack integrity checks.

An attacker will attempt to log in to the client with incorrect credentials, which will result in an access request message being sent to the server. The message is sent with a 16-byte value called “Request Authenticator”, generated using an MD5 hash.

The request authenticator is intended to be used by the receiving server to compute its response along with a so-called “shared secret” that is known only to the client and server. This way, when the client receives the response, it can decrypt the packet using its request authenticator and the shared secret, and verify that it was sent by the trusted server.

However, in a BlastRADIUS attack, the attacker intercepts the access request message before it reaches the server and manipulates it using an MD5 collision attack. The attacker adds “garbage” data to the access request message, ensuring that the server's access denied response also includes this data. The attacker then manipulates this access denied response such that the client reads it as a valid access accept message, thereby granting unauthorized access.

BlastRADIUS attack overview. Image: Cloudflare

Cloudflare researchers performed the attack on RADIUS devices with a five-minute timeout period. However, attackers with sophisticated computing resources have scope to perform the attack in significantly less time, possibly between 30 and 60 seconds, which is the default timeout period for many RADIUS devices.

“The key to the attack is that in many cases, the access request packets have no authentication or integrity checks,” InkBridge Networks’ documentation reads. “An attacker can then perform a chosen prefix attack, which allows the access request to be modified to replace a valid response with one chosen by the attacker.

“Although the response is authenticated and its integrity has been verified, the vulnerability of the chosen prefix allows the attacker to modify the response packet, almost at will.”

You can read a full technical description and proof of concept of a BlastRADIUS attack in this PDF.

How easy is it for an attacker to exploit the BlastRADIUS vulnerability?

While the BlastRADIUS flaw is widespread, exploiting it is not trivial; the attacker must be able to read, intercept, block, and modify incoming and outgoing network packets, and there is no publicly available exploit that they can fall back on. The attacker must also have existing network access, which could be acquired by leveraging an organization that sends RADIUS/UDP over the open Internet or by compromising part of the enterprise network.

“Even if RADIUS traffic is limited to a protected part of an internal network, configuration or routing errors could unintentionally expose this traffic,” researchers said on a dedicated BlastRADIUS website. “An attacker with partial network access could exploit DHCP or other mechanisms to cause victim devices to send traffic outside a dedicated VPN.”

Additionally, the attacker must be well-funded, as a significant amount of cloud computing power is needed to carry out each BlastRADIUS attack. InkBridge Networks states in its BlastRADIUS FAQ that such costs would be “a drop in the ocean for nation-states wishing to target specific users.”

How organizations can protect themselves from a BlastRADIUS attack

Security researchers have provided the following recommendations for organizations using the RADIUS protocol:

  • Install the latest updates on all RADIUS clients and servers made available by the vendor. Patches have been implemented to ensure that the Message-Authenticator attributes are always sent and are required for requests and responses. An updated version of FreeRADIUS is available.
  • Do not attempt to upgrade all RADIUS equipment at once, as this can cause errors. It is best to focus on upgrading the RADIUS servers first.
  • Consider using InkBridge Networks' verification tools that assess a system's exposure to BlastRADIUS and other network infrastructure issues.
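The two checks discussed on this page, the MD5 Response Authenticator that the client has relied on since RFC 2865 (the mechanism described above under "How does a BlastRADIUS attack work?") and the HMAC-MD5 Message-Authenticator attribute that the patches make mandatory, are shown side by side below. This is an added illustration written for this article, not code from FreeRADIUS, InkBridge Networks or the researchers; the shared secret, the Request Authenticator and the reply attributes are constructed demo values, and the Access-Reject packets are built locally rather than captured from a server. It shows why the "require Message-Authenticator" policy matters: a reply that carries only the Response Authenticator is accepted by a legacy client but refused by a hardened one, while a reply with a valid Message-Authenticator passes both.

```python
import hashlib
import hmac
import struct

# RADIUS packet codes and the two attribute types used here (RFC 2865 / RFC 2869)
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME = 1
ATTR_MESSAGE_AUTHENTICATOR = 80
HEADER_LEN = 20  # Code(1) + Identifier(1) + Length(2) + Authenticator(16)


def encode_attrs(attrs):
    """Serialize (type, value) pairs as RADIUS TLVs: Type(1) Length(1) Value."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def find_message_authenticator(packet):
    """Return the offset of the Message-Authenticator value, or None if the attribute is absent."""
    i = HEADER_LEN
    while i + 2 <= len(packet):
        t, length = packet[i], packet[i + 1]
        if length < 2 or i + length > len(packet):
            raise ValueError("malformed attribute at offset %d" % i)
        if t == ATTR_MESSAGE_AUTHENTICATOR and length == 18:
            return i + 2
        i += length
    return None


def response_authenticator(code, ident, request_auth, attrs_bytes, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs_bytes))
    return hashlib.md5(header + request_auth + attrs_bytes + secret).digest()


def build_response(code, ident, request_auth, secret, attrs, with_message_authenticator):
    """Server side: build a reply to an Access-Request.

    True adds the HMAC-MD5 Message-Authenticator that the patches make mandatory;
    False reproduces the legacy layout that relies on the MD5 Response Authenticator alone.
    """
    attrs = list(attrs)
    if with_message_authenticator:
        attrs.append((ATTR_MESSAGE_AUTHENTICATOR, bytes(16)))  # placeholder, filled in below
    body = encode_attrs(attrs)
    pkt = struct.pack("!BBH", code, ident, HEADER_LEN + len(body)) + request_auth + body
    if with_message_authenticator:
        # RFC 2869 section 5.14: HMAC-MD5 keyed with the shared secret over the whole packet,
        # with the Authenticator field = Request Authenticator and the MA value = 16 zero bytes.
        off = find_message_authenticator(pkt)
        mac = hmac.new(secret, pkt, hashlib.md5).digest()
        pkt = pkt[:off] + mac + pkt[off + 16:]
    # The Response Authenticator is computed last, over the packet with the real MA in place.
    ra = response_authenticator(code, ident, request_auth, pkt[HEADER_LEN:], secret)
    return pkt[:4] + ra + pkt[HEADER_LEN:]


def verify_response(pkt, request_auth, secret, require_message_authenticator):
    """Client side: return (accepted, reason) for a reply to our own request."""
    if len(pkt) < HEADER_LEN:
        return False, "truncated packet"
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        return False, "length field mismatch"
    expected = response_authenticator(code, ident, request_auth, pkt[HEADER_LEN:], secret)
    if not hmac.compare_digest(expected, pkt[4:HEADER_LEN]):
        return False, "Response Authenticator mismatch"
    try:
        off = find_message_authenticator(pkt)
    except ValueError as exc:
        return False, str(exc)
    if off is None:
        if require_message_authenticator:
            return False, "missing Message-Authenticator"
        return True, "legacy: Response Authenticator only"
    # Recompute the HMAC exactly as the server did: Request Authenticator in the header, MA zeroed.
    zeroed = pkt[:4] + request_auth + pkt[HEADER_LEN:off] + bytes(16) + pkt[off + 16:]
    mac = hmac.new(secret, zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(mac, pkt[off:off + 16]):
        return False, "Message-Authenticator mismatch"
    return True, "ok"


# Constructed demo values; a real client draws the Request Authenticator from a CSPRNG.
SECRET = b"example-shared-secret"
REQUEST_AUTH = bytes(range(16))
REPLY_ATTRS = [(ATTR_USER_NAME, b"alice")]


def demo():
    """Compare the legacy and hardened client policies on the same two server replies."""
    with_ma = build_response(ACCESS_REJECT, 7, REQUEST_AUTH, SECRET, REPLY_ATTRS, True)
    without_ma = build_response(ACCESS_REJECT, 7, REQUEST_AUTH, SECRET, REPLY_ATTRS, False)
    return {
        "hardened_with_ma": verify_response(with_ma, REQUEST_AUTH, SECRET, True),
        "hardened_without_ma": verify_response(without_ma, REQUEST_AUTH, SECRET, True),
        "legacy_without_ma": verify_response(without_ma, REQUEST_AUTH, SECRET, False),
        # A plain edit of the Code byte (Reject -> Accept) is caught by the Response Authenticator;
        # the attack on this page needs collision work to get past it, which is not reproduced here.
        "naive_tamper": verify_response(bytes([ACCESS_ACCEPT]) + without_ma[1:], REQUEST_AUTH, SECRET, False),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The `require_message_authenticator=True` branch is the behaviour the updated clients and servers enforce; running the block prints the four outcomes, and the only reply rejected by the hardened policy but accepted by the legacy one is the Access-Reject that lacks the Message-Authenticator attribute.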

More detailed instructions for system administrators can be found on the FreeRADIUS website.
