Cyber security researchers have exposed a vulnerability in the RADIUS protocol, dubbed BlastRADIUS. While there is no evidence that threat actors are actively exploiting it, the team is calling for every RADIUS server to be upgraded.
A BlastRADIUS attack involves the attacker intercepting network traffic between a client, such as a router, and the RADIUS server. The attacker can then manipulate the MD5 hashing algorithm such that an Access-Denied network packet is read as Access-Accept. This provides them access to the client device without the correct login credentials.
A team of researchers from Boston University, Cloudflare, BastionZero, Microsoft Research, Centrum Wiskunde & Informatica and the University of California, San Diego first discovered the vulnerability in February and notified Alan DeKok, chief executive officer of InkBridge Networks and RADIUS expert.
The BlastRADIUS flaw, now tracked as CVE-2024-3596 and VU#456537, is due to a “fundamental design flaw of the RADIUS protocol,” according to a security announcement from the RADIUS server FreeRADIUS, maintained by DeKok. Therefore, it is not limited to a single product or vendor.
SEE: How to use FreeRADIUS for SSH authentication
“Network technicians will have to install a firmware upgrade and reconfigure essentially every switch, router, GGSN, BNG, and VPN concentrator around the world,” DeKok said in a press release. “We expect to see a lot of talk and activity related to RADIUS security in the next few weeks.”
What is the RADIUS protocol?
RADIUS, or Remote Authentication Dial-In User Service, is a networking protocol that provides centralised authentication, authorisation and accounting for users connecting to a network service. It is widely used by internet service providers and enterprises for switches, routers, access servers, firewalls and VPN products.
Who is affected by the BlastRADIUS flaw?
Researchers found that RADIUS deployments that use PAP, CHAP, MS-CHAP and RADIUS/UDP over the internet will be affected by the BlastRADIUS flaw. This means that ISPs, cloud identity providers, telecommunication companies and enterprises with internal networks are at risk and must take swift action, especially if RADIUS is used for administrator logins.
Individuals using the internet from home are not directly vulnerable, but they do rely on their ISP resolving the BlastRADIUS flaw, or else their traffic could be directed to a system under the attacker’s control.
Enterprises using PSEC, TLS or 802.1X protocols, as well as services like eduroam or OpenRoaming, are all considered safe.
How does a BlastRADIUS attack work?
Exploiting the vulnerability leverages a man-in-the-middle attack on the RADIUS authentication process. It hinges on the fact that, in the RADIUS protocol, some Access-Request packets are not authenticated and lack integrity checks.
An attacker will start by attempting to log in to the client with incorrect credentials, generating an Access-Request message that is sent to the server. The message is sent with a 16-byte value called a Request Authenticator, generated through MD5 hashing.
The Request Authenticator is intended to be used by the recipient server to compute its response along with a so-called “shared secret” that only the client and server know. So, when the client receives the response, it can decipher the packet using its Request Authenticator and the shared secret, and verify that it was sent by the trusted server.
But, in a BlastRADIUS attack, the attacker intercepts and manipulates the Access-Request message before it reaches the server in an MD5 collision attack. The attacker adds “garbage” data to the Access-Request message, ensuring the server’s Access-Denied response also includes this data. Then, they manipulate this Access-Denied response such that it is read by the client as a valid Access-Accept message, granting them unauthorised access.
While MD5 is well-known to have weaknesses that allow attackers to generate collisions or reverse the hash, the researchers say that the BlastRADIUS attack “is more complex than simply applying an old MD5 collision attack” and more advanced in terms of speed and scale. This is the first time an MD5 attack has been practically demonstrated against the RADIUS protocol.
Researchers at Cloudflare performed the attack on RADIUS devices with a timeout period of five minutes. However, there is scope for attackers with sophisticated computing resources to perform it in significantly less time, potentially between 30 and 60 seconds, which is the default timeout period for many RADIUS devices.
“The key to the attack is that in many cases, Access-Request packets have no authentication or integrity checks,” documentation from InkBridge Networks reads. “An attacker can then perform a chosen prefix attack, which allows modifying the Access-Request in order to replace a valid response with one chosen by the attacker.
“Even though the response is authenticated and integrity checked, the chosen prefix vulnerability allows the attacker to modify the response packet, almost at will.”
You can read a full technical description and proof-of-concept of a BlastRADIUS attack in this PDF.
How easy is it for an attacker to exploit the BlastRADIUS vulnerability?
While the BlastRADIUS flaw is pervasive, exploiting it is not trivial; the attacker needs to be able to read, intercept, block and modify inbound and outbound network packets, and there is no publicly-available exploit for them to refer to. The attacker also must have existing network access, which could be acquired by taking advantage of an organisation sending RADIUS/UDP over the open internet or by compromising part of the enterprise network.
“Even if RADIUS traffic is confined to a protected part of an internal network, configuration or routing mistakes might unintentionally expose this traffic,” the researchers said on a website dedicated to BlastRADIUS. “An attacker with partial network access may be able to exploit DHCP or other mechanisms to cause victim devices to send traffic outside of a dedicated VPN.”
Furthermore, the attacker must be well-funded, as a significant amount of cloud computing power is required to pull off each BlastRADIUS attack. InkBridge Networks states in its BlastRADIUS FAQs that such costs would be a “drop in the bucket for nation-states who wish to target particular users.”
How organisations can protect themselves from a BlastRADIUS attack
The security researchers have provided the following recommendations for organisations that use the RADIUS protocol:
- Install the latest updates on all RADIUS clients and servers made available by the vendor. Patches have been deployed to ensure Message-Authenticator attributes are always sent and required for requests and responses. There is an updated version of FreeRADIUS available for download, and Palo Alto Networks has also published fixes for its PAN-OS firewalls.
- Don’t try to update all the RADIUS equipment at once, as mistakes could be made. Ideally, concentrate on upgrading the RADIUS servers first.
- Consider using InkBridge Networks’ verification tools that assess a system’s exposure to BlastRADIUS and other network infrastructure issues.
More detailed instructions for system administrators can be found on the FreeRADIUS website.