A new vulnerability in the RADIUS protocol, dubbed “BlastRADIUS,” allows attackers to perform man-in-the-middle (MitM) attacks by modifying certain Access-Request messages without detection. The attack exploits the use of the outdated MD5 algorithm for hashing, which is susceptible to collision attacks. The vulnerability affects all standards-compliant RADIUS clients and servers, particularly those using PAP, CHAP, and MS-CHAPv2 authentication methods. Organizations are advised to update their RADIUS servers and networking equipment and to use TLS or IPsec to mitigate the risk.
Relevant URL: https://thehackernews.com/2024/07/radius-protocol-vulnerability-exposes.html
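As an added example (not code from the article or from any RADIUS implementation), the following Python models the two integrity checks a RADIUS client can run on a server response: the RFC 2865 Response Authenticator, which is unkeyed MD5 over the packet with the shared secret merely appended and is the hash the collision attack targets, and the RFC 2869 Message-Authenticator, a keyed HMAC-MD5 that a collision in the attribute bytes does not defeat. The shared secret, Request Authenticator and attribute contents are constructed values; the verifier's `require_msg_auth` policy flag is my own name, not a protocol field.

```python
import hashlib
import hmac
import struct
ACCESS_ACCEPT, ACCESS_REJECT, MESSAGE_AUTHENTICATOR = 2, 3, 80  # RFC 2865 codes; RFC 2869 attribute type

def encode_attrs(attrs):  # [(type, value_bytes), ...] -> RADIUS TLVs: 1-byte type, 1-byte total length
    return b"".join(struct.pack("BB", t, len(v) + 2) + v for t, v in attrs)

def find_msg_auth(pkt):
    """Offset of the 16 Message-Authenticator value bytes, or None if the attribute is absent."""
    pos = 20
    while pos + 2 <= len(pkt):
        t, length = pkt[pos], pkt[pos + 1]
        if length < 2:
            raise ValueError("malformed attribute")
        if t == MESSAGE_AUTHENTICATOR and length == 18:
            return pos + 2
        pos += length
    return None

def message_authenticator(pkt, secret):
    """HMAC-MD5 over the whole packet with the Message-Authenticator value zeroed (RFC 2869)."""
    off = find_msg_auth(pkt)
    if off is None:
        raise ValueError("no Message-Authenticator attribute")
    return hmac.new(secret, pkt[:off] + bytes(16) + pkt[off + 16:], hashlib.md5).digest()

def build_response(code, ident, request_auth, attrs, secret, with_msg_auth=True):
    """Server side. While both hashes are computed, the Authenticator field holds the Request Authenticator."""
    if with_msg_auth:
        attrs = attrs + [(MESSAGE_AUTHENTICATOR, bytes(16))]
    body = encode_attrs(attrs)
    pkt = bytearray(struct.pack("!BBH", code, ident, 20 + len(body)) + request_auth + body)
    if with_msg_auth:
        off = find_msg_auth(pkt)
        pkt[off:off + 16] = message_authenticator(bytes(pkt), secret)
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret): unkeyed MD5, secret only appended
    pkt[4:20] = hashlib.md5(bytes(pkt) + secret).digest()
    return bytes(pkt)

def verify_response(pkt, request_auth, secret, require_msg_auth=True):
    """Client side: check the Response Authenticator, then the keyed Message-Authenticator."""
    if len(pkt) < 20 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        return False
    as_hashed = pkt[:4] + request_auth + pkt[20:]
    ok = hmac.compare_digest(pkt[4:20], hashlib.md5(as_hashed + secret).digest())
    off = find_msg_auth(pkt)
    if off is None:
        return ok and not require_msg_auth  # legacy response: there is no keyed MAC to check at all
    return ok and hmac.compare_digest(pkt[off:off + 16], message_authenticator(as_hashed, secret))
```

With `require_msg_auth=True` a response that carries only the MD5 Response Authenticator is rejected outright, which is the policy a client wants when it cannot yet move the transport to TLS or IPsec.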