Black Arrow Cyber Advisory 11 July 2024 – BlastRADIUS Authentication Bypass Vulnerability
Executive summary
Researchers have recently disclosed a vulnerability, known as BlastRADIUS, in the RADIUS networking protocol, which is used across various applications including VPNs, Wi-Fi and home connections from ISPs. The vulnerability (CVE-2024-3596) potentially allows a malicious actor to bypass authentication via man-in-the-middle (MITM) attacks.
What’s the risk to me or my business?
If an attacker successfully exploits this vulnerability, they can escalate from partial network access to being able to log into any device that uses RADIUS for authentication, or to assign themselves arbitrary network privileges. To exploit this vulnerability, an attacker would first require access to a network that is using RADIUS.
What can I do?
In the short term, implementers and vendors are advised to mandate that both clients and servers consistently send and require Message-Authenticator attributes in all requests and responses, with the Message-Authenticator being the first attribute in Access-Accept or Access-Reject responses. Researchers have noted that this mitigation has been adopted by all known RADIUS patches, and the recommendation is set to be included in an upcoming RADIUS RFC. For the long term, implementing RADIUS over TLS (RadSec) is suggested, as it carries RADIUS packets inside an encrypted TLS stream rather than relying on MD5-based integrity checks alone.
Technical Summary
CVE-2024-3596 – This vulnerability is in the RADIUS protocol itself and allows a malicious local actor to perform forgery attacks, modifying any valid response (Access-Accept, Access-Reject or Access-Challenge) into any other response using a chosen-prefix collision attack against the MD5-based Response Authenticator.
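To make the mitigation above concrete, here is an added illustration (not code from the advisory or from any RADIUS vendor) of how a RADIUS client can verify a response: it checks the MD5 Response Authenticator as before, but additionally refuses any response that does not carry a valid HMAC-MD5 Message-Authenticator as its first attribute, which is the check that defeats a forged Access-Accept built only from an MD5 collision. The shared secret, Request Authenticator and attribute values are constructed sample data.

```python
import hashlib
import hmac
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 2869)
HDR = struct.Struct("!BBH16s")  # Code, Identifier, Length, Authenticator
SECRET = b"testing123"           # constructed sample shared secret, not from the advisory
REQ_AUTH = bytes(range(16))      # constructed Request Authenticator from the Access-Request

def encode_attrs(attrs):
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)

def parse_attrs(data):
    out, i = [], 0
    while i < len(data):
        if i + 1 >= len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            return None  # malformed or truncated attribute list
        out.append((data[i], data[i + 2:i + data[i + 1]]))
        i += data[i + 1]
    return out

def legacy_response(code, ident, req_auth, attrs, secret):
    """Response protected only by the MD5 Response Authenticator (the form BlastRADIUS targets)."""
    body = encode_attrs(attrs)
    length = HDR.size + len(body)
    resp_auth = hashlib.md5(HDR.pack(code, ident, length, req_auth) + body + secret).digest()
    return HDR.pack(code, ident, length, resp_auth) + body

def build_response(code, ident, req_auth, attrs, secret):
    """Mitigated response: Message-Authenticator (HMAC-MD5) first, then the Response Authenticator."""
    body = encode_attrs([(MSG_AUTH, bytes(16))] + attrs)  # HMAC is computed with the value zeroed
    length = HDR.size + len(body)
    mac = hmac.new(secret, HDR.pack(code, ident, length, req_auth) + body, hashlib.md5).digest()
    return legacy_response(code, ident, req_auth, [(MSG_AUTH, mac)] + attrs, secret)

def verify_response(pkt, req_auth, secret):
    """Accept only if the Response Authenticator matches and a leading Message-Authenticator verifies."""
    if len(pkt) < HDR.size:
        return False
    code, ident, length, resp_auth = HDR.unpack_from(pkt)
    body = pkt[HDR.size:]
    expected = hashlib.md5(HDR.pack(code, ident, length, req_auth) + body + secret).digest()
    if length != len(pkt) or not hmac.compare_digest(expected, resp_auth):
        return False
    attrs = parse_attrs(body)
    if not attrs or attrs[0][0] != MSG_AUTH or len(attrs[0][1]) != 16:
        return False  # no Message-Authenticator, or not the first attribute: do not trust MD5 alone
    zeroed = encode_attrs([(MSG_AUTH, bytes(16))] + attrs[1:])
    mac = hmac.new(secret, HDR.pack(code, ident, length, req_auth) + zeroed, hashlib.md5).digest()
    return hmac.compare_digest(mac, attrs[0][1])
```

A response from an unpatched server that carries only the Response Authenticator is rejected by `verify_response`, which is the "require" half of the mitigation; the "send" half is what `build_response` produces.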
Further information on the BlastRADIUS vulnerability can be found here:
https://www.theregister.com/2024/07/10/radius_critical_vulnerability/
A technical breakdown of this vulnerability can be found here:
https://www.blastradius.fail/pdf/radius.pdf
Need help understanding your gaps, or just want some advice? Get in touch with us.