#blastradius — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #blastradius, aggregated by home.social.
-
Upcoming USENIX Security 2024:
✅ Tldr:
802.1X - Radius based device authentication for LAN & 🛜 via UDP [aka Radius NAC] is proven unfixably broken and finally dead. DO NOT USE!
✅ Tech Details:
https://www.blastradius.fail/pdf/radius.pdf
✅ Executive Summary:
https://www.blastradius.fail
-
The summer slow season keeps holding surprises in store. This time RADIUS is broken. We pick up the topic and talk about #BlastRADIUS. Enjoy! #Wartungsfenster https://wartungsfenster.podigee.io/64-netzwerker-ein-leben-im-explosionsradius
-
#Cisco: #SecureBoot bypassable on some routers, susceptibility to #RADIUS flaw | Security https://www.heise.de/news/Cisco-Secure-Boot-bei-einigen-Routern-umgehbar-Anfaelligkeit-auf-RADIUS-Luecke-9797349.html #Patchday #BlastRADIUS
-
This Week in Security: Blast-RADIUS, Gitlab, and Plormbing https://hackaday.com/2024/07/12/this-week-in-security-blast-radius-gitlab-and-plormbing/ #ThisWeekinSecurity #HackadayColumns #SecurityHacks #BlastRADIUS #RegreSSHion #News
-
This Week in Security: Blast-RADIUS, Gitlab, and Plormbing - The RADIUS authentication scheme, short for “Remote Authentication Dial-In User Se... - https://hackaday.com/2024/07/12/this-week-in-security-blast-radius-gitlab-and-plormbing/ #thisweekinsecurity #hackadaycolumns #securityhacks #blastradius #regresshion #news
-
New #BlastRADIUS attack bypasses widely-used #RADIUS #authentication
Many networked devices on enterprise and telecommunication networks use the RADIUS (Remote Authentication Dial-In User Service) authentication and authorization protocol, sometimes tens of thousands of devices on a single network.
Among its wide range of applications, the protocol is used for authentication in DSL and FTTH, 802.1X and Wi-Fi, 2G and 3G cellular roaming, 5G, APN and VPN, and critical infrastructure.
https://www.bleepingcomputer.com/news/security/new-blast-radius-attack-bypasses-widely-used-radius-authentication/
-
#BlastRADIUS: security vulnerability in the #RADIUS network protocol published | Security https://www.heise.de/news/Blast-RADIUS-Sicherheitsluecke-im-Netzwerkprotokoll-RADIUS-veroeffentlicht-9797185.html
-
Palo Alto Networks Addresses BlastRADIUS Vulnerability, Fixes Critical Bug in Expedition Tool https://www.securityweek.com/palo-alto-networks-addresses-blastradius-vulnerability-fixes-critical-bug-in-expedition-tool/ #NetworkSecurity #Vulnerabilities #vulnerabilities #BlastRADIUS
-
Blast-RADIUS Vulnerability Affects Widely-Used RADIUS Authentication Protocol https://thecyberexpress.com/blast-radius-vulnerability-radius-protocol/ #TheCyberExpressNews #CybersecurityNews #TheCyberExpress #FirewallDaily #BlastRADIUS #protocol #network #RADIUS
-
Ancient, widely used protocol has CVSS 9.0 vulnerability: #BlastRADIUS.
#RADIUS, the protocol nobody thinks much about, has a critical bug. This 1990s authentication/authorization standard has the potential to cause widespread pain and anguish, thanks to how it’s deeply embedded into countless bits of networking gear.
IT/DevOps staff can look forward to some canceled vacay. In #SBBlogwatch, we wonder what else is lurking to bite us. At @TechstrongGroup’s @SecurityBlvd: https://securityboulevard.com/2024/07/blast-radius-mitm-md5-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc
-
A vulnerability has been found in the widely used RADIUS authentication protocol that allows an extensive compromise of the networks secured with it. Exploitation is, however, costly, complex and only possible under certain conditions.
More detailed information on the vulnerability, in text and video form, is also available from @DFN
-
🔐 #BLASTRADIUS – Researchers at Boston University & UC San Diego have discovered a vulnerability (#Schwachstelle) in the #RADIUS protocol. What is behind it, how the attack works technically & what helps against it is explained in the 📹 video by our colleague @janfred
-
The #RADIUS protocol is insecure by design. This puts numerous networks, up to and including large infrastructures, at risk from #BlastRADIUS attacks. https://winfuture.de/news,143850.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia
-
Yesterday, a new vulnerability was disclosed on some mailing lists, dubbed #BlastRADIUS. It requires being a man in the middle between the #RADIUS client and server.
My initial thought is that this wouldn't affect too many networks, since the adversary would already need to be within the network. But then I read that FTTH & DSL would be affected too. The home routers which are authenticating to the ISP?!! Wouldn't every service provider be at risk, if they don't use RADIUS over TLS or TCP?
The attack description and paper link here:
https://www.blastradius.fail/
-
Huh, the Openwall oss-security mailing list sure is quiet about BlastRADIUS.
-
In a somewhat unusual move, the company who sells one of the primary vulnerable products is charging money for tools to detect the vulnerability, with tool+support pricing ranging from US$150 for a guide+worksheet, US$400 for the verification tool, and $23K for carrier-level support.
https://www.inkbridgenetworks.com/blastradius
To be fair, it's a two-person company, and its technical lead was instrumental in analysis and fix of the vulnerability.
-
RADIUS protocol vulnerable to new Blast-RADIUS attack
https://stackdiary.com/radius-protocol-vulnerable-to-new-blast-radius-attack/
#BlastRADIUS #Cybersecurity #NetworkSecurity #RADIUS #Vulnerability #MD5 #UDP #Hack #ManInTheMiddle #Encryption #Authentication #Authorization #SecurityThreat #DataBreach #CyberAttack #NetworkProtection #SecureNetworks #TLS #SecurityPatch #NetworkAdmin #TechNews #ITSecurity #DigitalDefense #Infosec #SecureProtocol #CryptoStandards #SecurityUpdate #TechSecurity #NetworkSafety #CyberDefense #DataSecurity
-
BlastRADIUS Attack Exposes Critical Flaw in 30-Year-Old RADIUS Protocol https://www.securityweek.com/blastradius-attack-exposes-critical-flaw-in-30-year-old-radius-protocol/ #InkBridgeNetworks #Identity&Access #NetworkSecurity #maninthemiddle #BlastRADIUS #RADIUS
-
Definitely recommend using one-string name "BlastRADIUS" over "Blast-RADIUS".
Lots of use of the regular phrase all over the Internet makes it harder to sift through (most search engines treat hyphens as if they were spaces).
FWIW Marc Stevens, one of the authors, uses #BlastRADIUS
-
Separate reply to my BlastRADIUS summary post above
(https://infosec.exchange/@tychotithonus/112756492570080182) for references (please boost that summary, not this post, so that you are not bothered by frequent updates to this post)
Tech refs:
Full paper, required reading:
https://www.blastradius.fail/pdf/radius.pdf
Pending USENIX Security talk (title under embargo):
https://www.usenix.org/conference/usenixsecurity24/presentation/goldberg
Vendor Guide from InkBridge, FreeRADIUS maintainers:
https://www.inkbridgenetworks.com/web/content/2557?unique=47be02c8aed46c53b0765db185320249ad873d95
Matthew Green analysis:
https://ioc.exchange/@matthew_d_green/112758481314113247
Confirmed related speedups in hashclash, the MD5 collision framework by Stevens:
https://github.com/cr-marcstevens/hashclash/pull/37
(Confirmed by: https://infosec.exchange/@goldbe/112758028311200278)
Vuln refs: (CVE created 2024-04-10)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3596
https://vulmon.com/vulnerabilitydetails?qid=CVE-2024-3596
https://nvd.nist.gov/vuln/detail/CVE-2024-3596
https://www.cvedetails.com/cve/CVE-2024-3596/
https://www.cyber.gc.ca/en/alerts-advisories/radius-protocol-susceptible-forgery-attacks
https://www.kb.cert.org/vuls/id/456537 (includes vendor list!)
https://www.tenable.com/cve/CVE-2024-3596
Updated software:
(expect anything speaking RADIUS to patch - see https://www.kb.cert.org/vuls/id/456537)
Amazon:
https://explore.alas.aws.amazon.com/CVE-2024-3596.html
Arista (TBA, will be here):
https://www.arista.com/en/support/advisories-notices
Broadcom (MFDSA24562, paywalled):
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24562
https://community.broadcom.com/events/event-description?CalendarEventKey=9d077673-941d-4418-99d2-0190985b224d&CommunityKey=c581dd20-140f-4708-b335-eaacc07d6802&Home=%2Fevents%2Fcalendar
D-Link (TBA, will be here):
https://support.dlink.com/index.aspx
Debian (thread only):
https://www.mail-archive.com/debian-bugs-d[email protected]/msg1979467.html
FreeRADIUS (affected):
https://www.networkradius.com/packages/
Juniper (affected):
TBA. RADIUS/TLS supported to mitigate.
Microsoft (Affected, Windows Server RADIUS, and clients):
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-3596
https://support.microsoft.com/en-us/topic/kb5040268-how-to-manage-the-access-request-packets-attack-vulnerability-associated-with-cve-2024-3596-a0e2f0b1-f200-4a7b-844f-48d1d5ab9e66
Nokia (affected):
TBA
Okta (affected):
TBA
OpenVPN:
Access Server Affected, TBA
Palo Alto (affected):
https://security.paloaltonetworks.com/CVE-2024-3596
Radiator (affected):
https://radiatorsoftware.com/blastradius-vulnerability-fixed-in-radiator-v4-29/
https://blog.radiatorsoftware.com/2024/07/radiator-429-released.html
RedHat (FreeRADIUS):
https://bugzilla.redhat.com/show_bug.cgi?id=2263240
Siemens (affected):
https://cert-portal.siemens.com/productcert/html/ssa-723487.html
https://www.siemens.com/global/en/products/services/cert/news/radius-advisory-and-the-benefits-of-productcerts-improved-formats.html
Sonicwall (affected):
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
SUSE (affected):
https://www.suse.com/security/cve/CVE-2024-3596.html
https://www.suse.com/support/update/announcement/2024/suse-su-20242361-1/
Ubiquiti (affected):
https://community.ui.com/questions/BlastRADIUS-Vulnerability-Ubiquiti-exploitable/64c8f2a1-3378-4032-a2f1-ff1c40fcedba
Project's own advisory list here:
https://www.blastradius.fail/coverage.html
Threads:
https://mailman.nanog.org/pipermail/nanog/2024-July/225946.html
https://www.openwall.com/lists/oss-security/2024/07/09/4
https://news.ycombinator.com/item?id=40915112
News:
https://alandekok.com/blastradius-neutralized-experts-at-inkbridge-networks-provide-fix-for-critical-network-vulnerability/ (InkBridge press release, includes signup for Q&A webinar)
https://www.cwi.nl/en/news/vulnerability-demonstrated-in-radiusudp-network-protocol/ (this is where Marc Stevens, one of the collision researchers, works)
https://www.helpnetsecurity.com/2024/07/09/blastradius-radius-protocol-vulnerability/
https://thehackernews.com/2024/07/radius-protocol-vulnerability-exposes.html
https://www.csoonline.com/article/2515232/md5-attack-puts-radius-networks-everywhere-at-risk.html
https://www.theregister.com/2024/07/10/radius_critical_vulnerability
https://securityboulevard.com/2024/07/blast-radius-mitm-md5-richixbw/
Project's own article list here:
https://www.blastradius.fail/coverage.html
Authors:
Adam Suhl:
https://cseweb.ucsd.edu/~asuhl/
Marc Stevens:
https://www.marc-stevens.nl/research/
Sharon Goldberg:
https://linkedin.com/in/sharon-goldberg-002803143/
Mastodon links:
https://infosec.exchange/@goldbe/112756472064770893 (co-author)
-
Cloudflare and collaborators discover fundamental RADIUS/UDP vulnerability CVE-2024-3596 due to use of MD5 ("Blast-RADIUS" MitM attack). (Includes new Stevens / Heninger et al faster MD5 chosen-prefix collision attack!). AKA "Blast-RADIUS".
https://blog.cloudflare.com/radius-udp-vulnerable-md5-attack
https://www.blastradius.fail/
https://www.blastradius.fail/pdf/radius.pdf
https://www.blastradius.fail/attack-details
Impact: "a local attacker [...] can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response" (from CVE). It's basically an "auth as anyone" bug.
Short-term fix: patch RADIUS/UDP. Major RADIUS vendors said to have coordinated fixes in advance of announcement. Spec also rewritten to address, see https://www.inkbridgenetworks.com/blastradius/faq (from DeKok, author of the revised RADIUS/UDP spec and FreeRADIUS maintainer, essential reading). “ISPs will have to upgrade their RADIUS servers and networking equipment." - DeKok
Long-term fix: move to RADIUS/TLS, or isolate/tunnel RADIUS traffic
Non-mitigations: MFA, TACACS+, others (see paper)
Affected: PAP, CHAP, MS-CHAPv2, other non-EAP protocols
Not affected: RADIUS/TLS, 802.1X, IPSec, Eduroam, OpenRoaming
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3596
Urgency: Seems to take non-trivial amount of compute and prep, plus privileged network vantage point, so "patch normally", not "drop everything", IMO so far. But I also expect RADIUS regularly traverses untrusted networks, so I wouldn't procrastinate, either. Less vulnerable if using EAP, but even that is not a good mitigation, because MitM access can be used to alter the packets.
Patching logistics: both clients and servers seem to need patching. Major vendors had warning and have been working on fixes under embargo. Links for some in reply below as I learn them.
Exploit: none known, PoC only.
With the collision speedup, this also means anything else still vulnerable due to MD5 just got weaker.
Authors scheduled to present paper at USENIX Security Aug 14-16 (title still under embargo):
https://www.usenix.org/conference/usenixsecurity24/presentation/goldberg
Tech and news refs (separate reply to minimize post churn):