
News Blast-RADIUS attack breaks RADIUS protocol


Jesse Viviano

Occasional Visitor
The Blast-RADIUS attack breaks the RADIUS protocol that is used in various WPA-Enterprise protocols when it runs over plain UDP by attacking the use of the broken MD5 hash within the RADIUS protocol. The website for this attack is at https://www.blastradius.fail/ . News stories that report on this attack can be found at https://arstechnica.com/security/20...ear-old-protocol-used-in-networks-everywhere/ and https://www.bleepingcomputer.com/ne...k-bypasses-widely-used-radius-authentication/ .

EDIT: While the paper at https://www.blastradius.fail/pdf/radius.pdf shows that this does not break WPA-Enterprise yet due to other parts of the WPA-Enterprise protocols keeping them secure, this could become a link in a chain of attacks to break WPA-Enterprise if other parts don't hold up.
 
Things like this are always interesting... RADIUS and DIAMETER, both are intended to be used on trusted networks...

If someone is doing DIAMETER or RADIUS over the public internet without some level of security at the transport layer, all bets are off... and this is what the report states...

In large scale deployments for RADIUS and DIAMETER, end-points are usually secured at least one layer below RADIUS - L2TP is one approach, DTLS over SCTP is another (DTLS allows for UDP over a TLS secured link).

By running the RADIUS/DIAMETER services over trusted lower layers, it's not really a problem.
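
Added example, not part of either post above and not code from the Blast-RADIUS authors: the MD5 use the first post refers to is the RFC 2865 Response Authenticator, and this sketch shows a client-side check that also requires a valid RFC 3579 Message-Authenticator (HMAC-MD5) before trusting a reply over plain UDP. The function names, the shared secret and the sample packets are constructed for illustration.

```python
import hashlib, hmac, struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 3579)

def response_authenticator(code, ident, req_auth, attrs, secret):
    # RFC 2865: MD5(Code | ID | Length | Request Authenticator | Attributes | Secret)
    hdr = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(hdr + req_auth + attrs + secret).digest()

def message_authenticator(code, ident, req_auth, attrs, secret):
    # RFC 3579: HMAC-MD5 over the packet with the attribute's 16 value bytes zeroed
    hdr = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hmac.new(secret, hdr + req_auth + attrs, hashlib.md5).digest()

def build_response(code, ident, req_auth, attrs, secret, with_msg_auth=True):
    # Constructed sample reply, as a server sharing the secret would emit it
    if with_msg_auth:
        attrs = bytes([MSG_AUTH, 18]) + bytes(16) + attrs
        mac = message_authenticator(code, ident, req_auth, attrs, secret)
        attrs = attrs[:2] + mac + attrs[18:]
    hdr = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hdr + response_authenticator(code, ident, req_auth, attrs, secret) + attrs

def check_response(pkt, req_auth, secret):
    # Client-side policy: accept only replies that pass both integrity checks
    if len(pkt) < 20:
        return "malformed"
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length > len(pkt):
        return "malformed"
    attrs, pos, found = pkt[20:length], 0, None
    while pos < len(attrs):  # walk the type-length-value attributes
        if pos + 2 > len(attrs) or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            return "malformed"
        if attrs[pos] == MSG_AUTH:
            if attrs[pos + 1] != 18:
                return "malformed"
            found = pos
        pos += attrs[pos + 1]
    expected = response_authenticator(code, ident, req_auth, attrs, secret)
    if not hmac.compare_digest(pkt[4:20], expected):
        return "bad-response-authenticator"
    if found is None:
        return "missing-message-authenticator"  # MD5-only integrity: reject
    zeroed = attrs[:found + 2] + bytes(16) + attrs[found + 18:]
    mac = message_authenticator(code, ident, req_auth, zeroed, secret)
    ok = hmac.compare_digest(attrs[found + 2:found + 18], mac)
    return "ok" if ok else "bad-message-authenticator"
```

A reply that returns `missing-message-authenticator` is protected only by the bare MD5 construction, so a client enforcing this policy drops it even though the Response Authenticator verifies.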
 
