Blast-RADIUS Attack Exploits RADIUS Authentication Protocol Vulnerability

July 9, 2024

A new form of attack, known as Blast-RADIUS, is exploiting a weakness in the widely adopted RADIUS/UDP protocol. This vulnerability allows potential threat actors to infiltrate networks and devices by carrying out man-in-the-middle MD5 collision attacks. The RADIUS (Remote Authentication Dial-In User Service) protocol, which is used for authentication and authorization, is employed in a multitude of networked devices such as switches, routers, and other routing infrastructure. These devices are often found in enterprise and telecommunication networks, sometimes numbering in the tens of thousands on a single network. The protocol has a broad range of applications, including use in DSL and FTTH (Fiber to the Home), 802.1X and Wi-Fi, 2G and 3G cellular roaming, 5G DNN (Data Network Name), private APN and VPN, and critical infrastructure networks.

The Blast-RADIUS attack capitalizes on a newly discovered protocol vulnerability (CVE-2024-3596) and an MD5 collision attack. This allows attackers who can access RADIUS traffic to manipulate server responses and add arbitrary protocol attributes. Consequently, they can gain administrative privileges on RADIUS devices without the need for brute force or credential theft. The researchers who discovered this vulnerability explained, 'The Blast-RADIUS attack allows a man-in-the-middle attacker between the RADIUS client and server to forge a valid protocol accept message in response to a failed authentication request. This forgery could give the attacker access to network devices and services without the attacker guessing or brute forcing passwords or shared secrets. The attacker does not learn user credentials. An adversary exploiting our attack can escalate privileges from partial network access to being able to log into any device that uses RADIUS for authentication, or to assign itself arbitrary network privileges.'

The RADIUS protocol utilizes MD5 hashed requests and responses for device authentication. The researchers have developed a proof-of-concept exploit, which calculates an MD5 chosen-prefix hash collision necessary to forge a valid 'Access-Accept' response, indicating a successful authentication request. This forged MD5 hash is then introduced into the network communication via the man-in-the-middle attack, allowing the attacker to log in. The exploit takes between 3 to 6 minutes to create this MD5 hash, which is longer than the 30 to 60-second timeouts typically used in practice for RADIUS. However, each step of the collision algorithm used in the attack can be effectively parallelized and is suitable for hardware optimization. This means that a well-resourced attacker could use GPUs, FPGAs, or other more modern and faster hardware to achieve much quicker running times, potentially tens or hundreds of times faster.

The researchers noted that while an MD5 hash collision was first demonstrated in 2004, it was not believed to be exploitable in the context of the RADIUS protocol. Their attack identifies a protocol vulnerability in the way RADIUS uses MD5 that allows the attacker to inject a malicious protocol attribute that produces a hash collision between the server-generated Response Authenticator and the attacker's desired forged response packet. They added, 'In addition, because our attack is online, the attacker needs to be able to compute a so-called chosen-prefix MD5 collision attack in minutes or seconds. The previous best reported chosen-prefix collision attack times took hours, and produced collisions that were not compatible with the RADIUS protocol.'

Since this attack does not compromise end-user credentials, there is little that end-users can do to protect against it. However, vendors and system administrators who manufacture and manage RADIUS devices are urged to follow certain best practices and guidance. To defend against this attack, network operators can upgrade to RADIUS over TLS (RADSEC), switch to 'multihop' RADIUS deployments, and isolate RADIUS traffic from internet access using restricted-access management VLANs or TLS/ IPsec tunneling.

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.