A critical vulnerability in the widely used RADIUS authentication protocol could allow attackers to gain unauthorized access to networks and devices, researchers have discovered. The flaw, dubbed “Blast-RADIUS,” affects a protocol that has functioned as a cornerstone of modern network infrastructure.
RADIUS, which stands for Remote Authentication Dial-In User Service, is used by nearly every switch, router, access point and VPN concentrator sold in the last 20 years. It verifies user credentials for remote access to networked devices. including network routers and switches, industrial control systems, VPNs, ISPs using DSL or FTTH, 2G and 3G cellular roaming, and 5G DNN authentication
The Blast-RADIUS Attack
Researchers from several universities along with some private firms discovered that a man-in-the-middle attacker could exploit a weakness in how the RADIUS protocol authenticates server responses. By injecting malicious data into a legitimate authentication request, an attacker can forge a valid “Access-Accept” message in response to a failed login attempt.
This allows the attacker to transform a reject into an accept, and assign themselves arbitrary network privileges. The attack is made by the abuse of the MD5 hash function, which has been known to be vulnerable to chosen-prefix collisions. The attacker can use this collision to create a modified Response Authenticator that matches the authentic one generated by the server, without requiring any knowledge of the shared secret between the client and server.
While MD5 hash collisions have been known since 2004, the researchers state that their attack technique is much more complex than older forms of MD5 collision attacks. Further, MD5 collision was not previously thought of as a possible way to exploit the RADIUS protocol.
The new attack technique requires the use of the internet, with the attacker having to compute for the chosen-prefix MD5 collision attack in a matter of mere minutes or seconds. The researchers state that the best previously reported chosen-prefix collision attack typically took hours of operation to produce, collisions that were not found to be compatible with the RADIUS protocol.
The researchers’ Blast-RADIUS attack technique incorporates several improvements in speed, space, and scaling ahead of existing MD5 attacks, demonstrating that they can occur in shorter intervals to compromise the popular RADIUS protocol.
While the proof-of-concept attacks described in the paper took about 3 to 6 minutes for MD5 chosen-prefix hash collision computation, longer than the 30- to 60-second timeouts commonly used in practice for RADIUS, each step of the new collision algorithm parallelizes rather well and allows for further hardware optimization. The researchers expect that a well-resourced attacker could obtain computational processing times tens or hundreds of times faster by running the attack on better GPUs, FPGAs, or other optimal hardware.
The Blast-RADIUS attack technique affects all known RADIUS implementations that use non-EAP authentication methods over UDP, including the common FreeRADIUS implementation.
The researchers disclosed details of the vulnerability to the IETF (Internet Engineering Task Force) and CERT( Computer Emergency Readiness Team) and expect patches for mitigations in the Message-Authenticator specifications from major implementations of the RADIUS protocol.
RADIUS Mitigation and Future Outlook
The IETF RADEXT working group is said to be working on pushing for the standardization of the RADIUS protocol as more secure alternative, which the researchers state would help mitigate against the Blast-RADIUS vulnerability.
While the researchers note that major RADIUS implementations are working on releasing various patches to mitigate the vulnerability, they said the attack demonstrates the need to scrap and move away from the aging protocol entirely.
In the meantime, the researchers urge system administrators to check with vendors for possible patches against the vulnerability and to follow best practices for secure RADIUS configuration.
The Blast-RADIUS attack serves as a reminder that even long-standing protocols can harbor critical flaws. The research demonstrates that as networks deployments grow more complex, there must be continued scrutiny of these technologies to maintain security.
