Blast-RADIUS exploits a vulnerability in the RADIUS protocol to enable man-in-the-middle attacks. By intercepting an authentication request and altering the RADIUS packets with a chosen-prefix MD5 collision attack, an attacker can forge a valid server response and gain access to network devices and services without authorization.
It bypasses authentication methods such as PAP, CHAP, and MS-CHAPv2 without requiring stolen credentials. The vulnerability affects RADIUS deployments that use non-EAP authentication methods over UDP.
This includes network authentication for switches, routers, VPN access, DSL/FTTH internet access, 802.1X/Wi-Fi authentication, cellular roaming, mobile Wi-Fi offload, private APN authentication, critical infrastructure access, and Eduroam/OpenRoaming Wi-Fi.
System administrators should patch RADIUS servers and follow best practices for secure configuration, while end users cannot mitigate this vulnerability themselves.
Researchers discovered a vulnerability in the RADIUS protocol that can be exploited to bypass authentication. It stems from the protocol's reliance on an unencrypted MD5 hash to verify server responses.
The attack combines a specially crafted attribute in the request with a chosen-prefix collision in the MD5 hash function. This lets the attacker turn a legitimate server response into a forged acceptance message, granting unauthorized access and allowing arbitrary attributes to be injected into the network communication.
RADIUS, a core network authentication protocol, utilizes a client-server model for user credential verification. Network Access Servers (NAS) act as RADIUS clients, sending authentication requests (including username, password, and a random nonce) to a central RADIUS server.
The server, equipped with a shared secret key with the NAS, validates the credentials, responds with either acceptance or rejection messages, and leverages attributes within requests and responses to convey details like usernames and network access permissions.
According to the Blast-RADIUS researchers, request packets carry a random value to prevent replay attacks, while response packets carry a separate value to ensure message integrity.
A man-in-the-middle attack against the RADIUS Response Authenticator exploits a chosen-prefix collision vulnerability in MD5 to forge a valid Access-Accept response from a failed authentication request.
By injecting a malicious Proxy-State attribute, the attacker forces the server to echo the crafted data, enabling the attacker to manipulate the Response Authenticator and gain unauthorized access without needing credentials.
To exploit the weakness, the attacker intercepts a login attempt that uses a stolen username and a dummy password, then computes an MD5 collision between the real rejection response and a forged acceptance response.
The attacker then injects the collision data representing the forged response into the rejected response while keeping the original authenticator. The server, unaware of the trickery, validates the tampered response because of the collision, granting the attacker access without knowledge of the shared secret.
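The checks described above, written out as an added example rather than code from the Blast-RADIUS authors or any RADIUS implementation: the Response Authenticator is an unkeyed-structure MD5 over the packet (RFC 2865 §3), including any echoed Proxy-State, which is the value the collision attack targets; the Message-Authenticator attribute (RFC 2869 §5.14, RFC 3579 §3.2) is an HMAC-MD5 keyed with the shared secret, so an MD5 collision alone cannot satisfy it. The shared secret, identifier, and request authenticator below are constructed values, and `verify_response` with `require_msg_auth=True` models the client-side policy of refusing responses that lack a Message-Authenticator.

```python
"""Constructed RADIUS packet helpers (assumed layout per RFC 2865/2869, not vendor code)."""
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
ATTR_USER_NAME = 1
ATTR_PROXY_STATE = 33
ATTR_MESSAGE_AUTHENTICATOR = 80
HEADER = struct.Struct("!BBH")  # Code, Identifier, Length; Authenticator follows


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as Type | Length | Value (RFC 2865 section 5)."""
    return bytes([attr_type, 2 + len(value)]) + value


def parse_attrs(body: bytes):
    """Yield (offset, type, value) for each attribute; reject malformed lengths."""
    off = 0
    while off < len(body):
        if off + 2 > len(body):
            raise ValueError("truncated attribute header")
        t, length = body[off], body[off + 1]
        if length < 2 or off + length > len(body):
            raise ValueError("malformed attribute length")
        yield off, t, body[off + 2:off + length]
        off += length


def response_authenticator(code, ident, request_auth, body, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    The attributes (including an echoed Proxy-State) are attacker-influenced input
    to a plain MD5, which is what a chosen-prefix collision exploits."""
    hdr = HEADER.pack(code, ident, 20 + len(body))
    return hashlib.md5(hdr + request_auth + body + secret).digest()


def message_authenticator(code, ident, request_auth, body, secret):
    """RFC 3579 section 3.2: HMAC-MD5 keyed with the shared secret over the packet,
    with the Message-Authenticator value zero-filled; responses use the Request
    Authenticator in the authenticator field position."""
    hdr = HEADER.pack(code, ident, 20 + len(body))
    return hmac.new(secret, hdr + request_auth + body, hashlib.md5).digest()


def build_response(code, ident, request_auth, attrs, secret, with_msg_auth):
    """Server side: assemble a response, optionally adding Message-Authenticator."""
    body = b"".join(attrs)
    if with_msg_auth:
        body += attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))  # zero placeholder
        mac = message_authenticator(code, ident, request_auth, body, secret)
        body = body[:-16] + mac
    resp_auth = response_authenticator(code, ident, request_auth, body, secret)
    return HEADER.pack(code, ident, 20 + len(body)) + resp_auth + body


def verify_response(packet, request_auth, secret, require_msg_auth):
    """Client (NAS) side: True only if the response passes every required check."""
    if len(packet) < 20:
        return False
    code, ident, length = HEADER.unpack(packet[:4])
    if length != len(packet):
        return False
    resp_auth, body = packet[4:20], packet[20:]
    expected_ra = response_authenticator(code, ident, request_auth, body, secret)
    if not hmac.compare_digest(resp_auth, expected_ra):
        return False
    mac_off, received = None, None
    try:
        for off, t, value in parse_attrs(body):
            if t == ATTR_MESSAGE_AUTHENTICATOR:
                if len(value) != 16:
                    return False
                mac_off, received = off + 2, value
    except ValueError:
        return False
    if mac_off is None:
        return not require_msg_auth  # lenient client accepts on the MD5 check alone
    zeroed = body[:mac_off] + bytes(16) + body[mac_off + 16:]
    expected_ma = message_authenticator(code, ident, request_auth, zeroed, secret)
    return hmac.compare_digest(received, expected_ma)


def demo():
    """Constructed scenario: secret, identifier and request authenticator are made up."""
    secret = b"constructed-shared-secret"
    request_auth = bytes(range(16))
    ident = 7
    attrs = [attr(ATTR_USER_NAME, b"alice"), attr(ATTR_PROXY_STATE, b"proxy-state-echo")]
    legacy = build_response(ACCESS_ACCEPT, ident, request_auth, attrs, secret, False)
    modern = build_response(ACCESS_ACCEPT, ident, request_auth, attrs, secret, True)
    tampered = modern[:-1] + bytes([modern[-1] ^ 1])  # flip one byte of the HMAC
    return {
        "legacy_lenient": verify_response(legacy, request_auth, secret, False),
        "legacy_strict": verify_response(legacy, request_auth, secret, True),
        "modern_strict": verify_response(modern, request_auth, secret, True),
        "tampered_strict": verify_response(tampered, request_auth, secret, True),
    }


if __name__ == "__main__":
    print(demo())
```

The `legacy_strict` result shows the defensive point: a client that insists on Message-Authenticator refuses an Access-Accept that is valid under the MD5-only check, which is the class of response the collision attack produces. The tampered case shows that even a single changed byte is caught by the Response Authenticator before the HMAC is consulted.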