BlastRADIUS Attack Exposes Critical Flaw in 30-Year-Old RADIUS Protocol

July 9, 2024 at 11:51AM

InkBridge Networks warned of a 30-year-old design flaw in the RADIUS protocol that lets a well-resourced attacker bypass multi-factor authentication. The BlastRADIUS attack can authenticate anyone to a local network, posing a major risk to corporate networks. The flaw, discovered by several research groups, lets an attacker on the path between a RADIUS client and server modify Access-Request packets in transit, so RADIUS clients and servers alike are affected. InkBridge Networks urged immediate worldwide upgrades of RADIUS servers.

Key takeaways from the article:

– InkBridge Networks has publicised a thirty-year-old design flaw in the RADIUS protocol that allows an advanced attacker to authenticate anyone to a local network, bypassing multi-factor authentication (MFA) protections.

– The attack, named BlastRADIUS, poses a major risk to corporate networks, including internal enterprise networks, Internet Service Providers (ISPs), and telecommunications companies (telcos).

– The flaw was discovered by researchers at Boston University, Cloudflare, BastionZero, Microsoft Research, Centrum Wiskunde & Informatica, and the University of California, San Diego.

– The attack exploits the fact that an Access-Request packet carries no integrity protection unless the optional Message-Authenticator attribute is present, and that the server's Access-Accept or Access-Reject reply is protected only by an MD5-based Response Authenticator. An attacker on the path between client and server can modify the request and, using an MD5 chosen-prefix collision, turn the server's rejection into an acceptance, thereby controlling who gains access to the network.

– All devices using the RADIUS protocol, such as switches, routers, access points, and VPN products, are likely to be vulnerable to this attack.

– InkBridge Networks strongly recommends upgrading all RADIUS servers worldwide, because the fix must be enforced on the server side; upgrading only RADIUS clients does not close the hole.

– The company has built a private proof-of-concept exploit; there is no current indication that the vulnerability is being exploited in the wild.

– A successful attack requires significant cloud computing power, but the cost is manageable for a nation-state.
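To make the unprotected-request point and the server-side fix concrete, here is an added example written for this page (it is not code from InkBridge Networks, the researchers, or any RADIUS implementation). It builds Access-Request packets with and without the Message-Authenticator attribute, modifies them the way an in-path attacker would, and runs a server-side check that can be configured to require the attribute. Packet layout and the two integrity formulas follow RFC 2865 and RFC 2869; the shared secret, identifier, user name and injected Proxy-State value are constructed sample data. The MD5 chosen-prefix collision that converts an Access-Reject into an Access-Accept is not reproduced; `response_authenticator` only computes the value that collision has to match.

```python
"""RADIUS (RFC 2865/2869) helpers: what an Access-Request does and does not authenticate."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME = 1               # RFC 2865 section 5.1
ATTR_PROXY_STATE = 33            # RFC 2865 section 5.33: opaque, echoed back by the server
ATTR_MESSAGE_AUTHENTICATOR = 80  # RFC 2869 section 5.14: HMAC-MD5 keyed with the shared secret
HEADER = struct.Struct("!BBH")   # Code, Identifier, Length; a 16-byte Authenticator follows


def encode_attrs(attrs):
    """TLV-encode a list of (type, value) pairs."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def parse_attrs(body):
    attrs, i = [], 0
    while i < len(body):
        t, length = body[i], body[i + 1]
        if length < 2 or i + length > len(body):
            raise ValueError("malformed attribute")
        attrs.append((t, body[i + 2:i + length]))
        i += length
    return attrs


def build_packet(code, ident, authenticator, attrs):
    body = encode_attrs(attrs)
    return HEADER.pack(code, ident, 20 + len(body)) + authenticator + body


def sign_request(ident, authenticator, attrs, secret):
    """Append a Message-Authenticator: HMAC-MD5 over the whole Access-Request
    with the attribute's own 16 value bytes set to zero (RFC 2869 section 5.14)."""
    zeroed = attrs + [(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))]
    mac = hmac.new(secret, build_packet(ACCESS_REQUEST, ident, authenticator, zeroed),
                   hashlib.md5).digest()
    return build_packet(ACCESS_REQUEST, ident, authenticator,
                        attrs + [(ATTR_MESSAGE_AUTHENTICATOR, mac)])


def response_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    The only integrity check a client applies to an Access-Accept/Reject; BlastRADIUS
    forges it with an MD5 chosen-prefix collision, which this example does not reproduce."""
    body = encode_attrs(attrs)
    return hashlib.md5(HEADER.pack(code, ident, 20 + len(body))
                       + request_auth + body + secret).digest()


def check_request(pkt, secret, require_message_authenticator):
    """Server-side validation of an Access-Request; returns a reason string.
    require_message_authenticator=True models the post-BlastRADIUS server behaviour."""
    code, ident, length = HEADER.unpack_from(pkt)
    if code != ACCESS_REQUEST or length != len(pkt):
        return "malformed"
    authenticator = pkt[4:20]
    attrs = parse_attrs(pkt[20:])
    macs = [v for t, v in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if not macs:
        # Nothing else in the request is authenticated: the Request Authenticator
        # is 16 random bytes chosen by whoever sent (or rewrote) the packet.
        if require_message_authenticator:
            return "rejected: no Message-Authenticator"
        return "accepted: unauthenticated"
    zeroed = [(t, bytes(16) if t == ATTR_MESSAGE_AUTHENTICATOR else v) for t, v in attrs]
    expected = hmac.new(secret, build_packet(code, ident, authenticator, zeroed),
                        hashlib.md5).digest()
    if not hmac.compare_digest(expected, macs[0]):
        return "rejected: bad Message-Authenticator"
    return "accepted: authenticated"


def tamper(pkt, injected):
    """In-path attacker: append an attribute to an in-flight request and fix Length."""
    code, ident, _ = HEADER.unpack_from(pkt)
    body = pkt[20:] + encode_attrs([injected])
    return HEADER.pack(code, ident, 20 + len(body)) + pkt[4:20] + body


def demo():
    secret = b"constructed-shared-secret"  # constructed sample value, not a real secret
    ident, req_auth = 7, os.urandom(16)
    attrs = [(ATTR_USER_NAME, b"alice")]
    injected = (ATTR_PROXY_STATE, b"A" * 30)  # stands in for attacker-chosen collision padding
    plain = build_packet(ACCESS_REQUEST, ident, req_auth, attrs)
    signed = sign_request(ident, req_auth, attrs, secret)
    return {
        "plain": check_request(plain, secret, False),
        "plain_tampered": check_request(tamper(plain, injected), secret, False),
        "plain_strict": check_request(plain, secret, True),
        "signed": check_request(signed, secret, True),
        "signed_tampered": check_request(tamper(signed, injected), secret, True),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} {verdict}")
```

Running `demo()` shows that a request without Message-Authenticator is accepted whether or not it was tampered with, that a signed request survives transit but fails the HMAC check once an attribute is appended, and that a server configured to require the attribute rejects the unprotected request outright. Only the server can enforce that last rule, which is why upgrading clients alone does not remove the exposure.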

In conclusion, the article highlights the urgent need for attention to the newly disclosed design flaw in the RADIUS protocol and emphasises that RADIUS servers worldwide must be upgraded to address this critical vulnerability.
