Old encryption technique in RADIUS protocol opens doors for hackers - #BlastRADIUS
A critical vulnerability dubbed "Blast-RADIUS" (CVE-2024-3596) has been discovered in the widely used RADIUS protocol for network authentication. The flaw combines weaknesses in the MD5 hashing algorithm, on which RADIUS relies to protect its messages, with the protocol's lack of proper authentication of server responses, enabling a man-in-the-middle attacker to obtain unauthorized network access. Such an attacker can forge a response that the client accepts as legitimate and obtain administrative privileges without knowing any credentials. RADIUS is essential to corporate networks, VPNs, ISPs and telecom infrastructure, so the impact is significant. Mitigations include enabling the Message-Authenticator attribute, transitioning to secure transports such as RADIUS over TLS, and strengthening encryption. Vendors are releasing patches, but the vulnerability underscores the need for modern cryptographic security in critical protocols.
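As an added illustration of the Message-Authenticator mitigation (example code written for this page, not part of the original article or of any vendor's implementation), the verifier below recomputes the HMAC-MD5 that RFC 2869 defines for the attribute and rejects any packet that lacks it, which is the behaviour a client should enforce on Access-Accept responses. The shared secret, identifiers and attribute values are constructed test data.

```python
import hashlib
import hmac
import struct

# Packet codes (RFC 2865) and the Message-Authenticator attribute type (RFC 2869).
ACCESS_REQUEST, ACCESS_ACCEPT, MSG_AUTH_TYPE = 1, 2, 80

def encode_attrs(attrs):
    """Serialise (type, value) pairs as RADIUS TLVs: type, total length, value."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)

def parse_attrs(body):
    """Split the attribute region (after the 20-byte header) into (type, value) pairs."""
    attrs, i = [], 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed attribute")
        attrs.append((body[i], body[i + 2:i + body[i + 1]]))
        i += body[i + 1]
    return attrs

def _hmac_over(code, ident, authenticator, body, secret):
    """HMAC-MD5 over the packet with the Message-Authenticator value set to 16 zero bytes."""
    header = struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator
    return hmac.new(secret, header + body, hashlib.md5).digest()

def sign_packet(code, ident, authenticator, attrs, secret, request_authenticator=None):
    """Append a valid Message-Authenticator; responses are keyed over the Request Authenticator."""
    zeroed = encode_attrs(attrs + [(MSG_AUTH_TYPE, bytes(16))])
    mac = _hmac_over(code, ident, request_authenticator or authenticator, zeroed, secret)
    body = encode_attrs(attrs + [(MSG_AUTH_TYPE, mac)])
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def verify_message_authenticator(packet, secret, request_authenticator=None):
    """True only if exactly one Message-Authenticator is present and its HMAC verifies."""
    try:
        code, ident, length = struct.unpack("!BBH", packet[:4])
        if length != len(packet):
            raise ValueError("length field does not match packet size")
        attrs = parse_attrs(packet[20:])
    except (struct.error, ValueError):
        return False
    received = [v for t, v in attrs if t == MSG_AUTH_TYPE]
    # Requests are checked against their own authenticator, responses against the request's.
    hmac_auth = packet[4:20] if code == ACCESS_REQUEST else request_authenticator
    if len(received) != 1 or len(received[0]) != 16 or hmac_auth is None:
        return False
    zeroed = [(t, bytes(16) if t == MSG_AUTH_TYPE else v) for t, v in attrs]
    expected = _hmac_over(code, ident, hmac_auth, encode_attrs(zeroed), secret)
    return hmac.compare_digest(expected, received[0])
```

Note that verifying a response requires the client to remember the Request Authenticator it sent; a client that does not keep that state cannot check the attribute at all.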