A team of security researchers has discovered a significant vulnerability in the widely used RADIUS (Remote Authentication Dial-In User Service) protocol. This vulnerability could potentially allow attackers to gain unauthorised access to network devices. Cloudflare staff detailed the findings in a blog post, highlighting the ongoing challenges of maintaining security in long-standing network protocols.
RADIUS, first designed in 1991, remains a vital authentication protocol for remote access to routers, switches, and other networking equipment. Despite advancements in cryptography, RADIUS has continued to rely on outdated security measures, particularly when used over UDP (User Datagram Protocol).
The newly discovered vulnerability, dubbed "Blast-RADIUS," exploits weaknesses in the MD5 cryptographic hash function, which has been known to be vulnerable since 2004. The attack allows a malicious actor positioned between a RADIUS client and server to manipulate authentication responses, potentially granting unauthorised administrative access to network devices.
Researchers from the University of California San Diego, CWI Amsterdam, Microsoft, and BastionZero collaborated on developing the attack. In response, CERT has assigned CVE-2024-3596 and VU#456537 to the vulnerability.
The attack targets the RADIUS Response Authenticator, an ad hoc message authentication code based on MD5. By leveraging improved MD5 collision techniques, attackers can forge valid RADIUS responses, turning Access-Reject messages into Access-Accept messages without knowing the shared secret between client and server.
To execute the attack, researchers had to overcome several challenges:
- Optimising MD5 collision attacks to work quickly enough on packets in flight
- Adapting the attack to fit within RADIUS protocol constraints
- Ensuring the attack works within the RADIUS/UDP packet format
The team demonstrated a proof-of-concept attack that could run in under five minutes using a cluster of ageing CPU cores and low-end GPUs. While this timeframe exceeds typical RADIUS timeout settings, the researchers note that a well-resourced attacker could optimise the attack further to work against default timeout configurations.
The vulnerability affects all RADIUS/UDP authentication modes except those using the Extensible Authentication Protocol (EAP). RADIUS traffic sent over TLS (sometimes called RADSEC) is not vulnerable to this specific attack.
In light of these findings, the researchers recommend several mitigations:
- Transitioning to RADIUS over TLS provides the most robust protection against this and potential future MD5-based attacks.
- For RADIUS/UDP deployments, the Message-Authenticator attribute (which uses HMAC-MD5) must be required and validated in all packets. This mitigation requires updates to both RADIUS clients and servers.
- Isolating RADIUS traffic on restricted-access management VLANs or tunnelling it over TLS or IPsec to make it more difficult for attackers to access.
The researchers emphasise that switching to RADIUS/TCP offers no security benefits, as it remains vulnerable to the same attack.
The researchers note that updating widely deployed network protocols like RADIUS can be challenging, especially given its use in legacy devices that may be difficult to upgrade. The hope is that this research will prompt network operators to review their RADIUS deployments and take advantage of patches released by vendors in response to this work. As cryptographic attacks continue to improve, constructions once considered "secure enough" may become vulnerable to practical exploits.
Writing on Reddit, user RandomMagnet notes that:
"This isn't really new right? I mean it's a MITM leveraging MD5's weakness..."
User Skylis goes on to contextualise the vulnerability:
"If someone can MITM the auth packets from your network gear, you have bigger problems."
While the immediate focus is on mitigating this specific vulnerability, the broader implication is the need for continued vigilance and proactive updating of security protocols across the networking industry. As attacks become more sophisticated, the gap between theoretical vulnerabilities and practical exploits continues to narrow. The researchers' work shows the value of collaborative efforts between academia and industry in identifying and addressing critical security issues in widely deployed technologies.