Blast-RADIUS: Security vulnerability in the RADIUS network protocol published

Blast-RADIUS: Security vulnerability in the RADIUS network protocol published

Security researchers at two universities in the USA and at Microsoft have published a vulnerability in the RADIUS network authentication protocol (CVE-2024-3596), which allows an attacker to log into a network with arbitrary privileges without knowing the required password. To accomplish this, the attacker must connect as a man-in-the-middle (MITM) between the local and central server of the RADIUS installation, which must not handle its authentication via the Extensible Authentication Protocol (EAP). The researchers have named the new vulnerability Blast-RADIUS.

Anzeige


So far, the attack is more of a theoretical nature, as the researchers have not managed to carry it out in the time that a typical RADIUS installation allows for such an attack. However, this could change quickly if a determined attacker were to use the appropriate hardware resources to speed up the necessary calculations. In order not to make it too easy for any attackers, the researchers have so far kept their specific attack code secret.

The RADIUS protocol is primarily used in the corporate environment to manage devices in large networks – including for LAN and WLAN logins of computers and mobile devices, to manage VPN access and to restrict access to security-critical network infrastructure. Internet service providers use RADIUS to perform logins for DSL, fiber optic and mobile connections. The protocol is also used by Eduroam and OpenRoaming to provide users with dynamic access to WLANs. For example, students and university staff with Eduroam access can log their devices into the WLAN at thousands of universities around the world using their home access data. Fortunately, the Blast RADIUS vulnerability does not affect the Eduroam network, as it has long prescribed security precautions that take the wind out of the sails of the current vulnerability.

A Radius installation usually consists of a local server that communicates (usually via the Internet) with a central server that manages all known user accounts in the installation. The server in the local network is referred to as a client or network access server (NAS) in the context of the RADIUS protocol. To log in to a specific network, the network device that wants to log in sends a request with its username and password to the client. The client then sends this data to the server in a so-called access request.

The server checks the username and password and then either sends an Access Accept message back to the client or, if the data is incorrect or the user’s access to the infrastructure has been revoked, an Access Reject message. The client then allows the device to join the network or not, depending on whether an accept or reject was received. In addition to access to the network, the server also tells the client which privileges the respective device has –, i.e. which resources in the network it is allowed to access and how.

Various protocols can be used for authentication between client and server. Some of them use the outdated MD5 hashing algorithm without protective measures against hash collisions. The vulnerability discovered by researchers at Boston University, UC San Diego and Microsoft Research exploits long-known weaknesses in the MD5 algorithm to interfere with and manipulate this communication.

To carry out the attack, the attacker must place himself in a man-in-the-middle position between the RADIUS client and the RADIUS server. To do this, he must first break any encryption that supports the data traffic between these two locations. Then he enters the network of the RADIUS installation to be attacked with another device and sends the client there a login request with any password. When the client communicates with the server to check this request, the attacker’s system in the MITM position intercepts this request.

The attacker then calculates a hash collision using known MD5 vulnerabilities. The researchers have developed improvements for the open-source tool Hashclash and made them available to the general public. The calculated hash allows the attacker to forge a matching access-accept message instead of the access-reject message that the server actually sends to the client. The MITM system deletes the reject message and sends the accept message to the client instead. Thanks to the valid hash, the client now thinks that the server has waved the login through. It lets the attacker’s network device into the local network. Thanks to this trick, the attacker can not only log in the device, but also assign it any rights in the network – depending on what is provided for in the local RADIUS infrastructure.

According to the researchers, common RADIUS installations use a timeout of 30 to 60 seconds for this authentication process. However, the researchers needed 3 to 6 minutes for their hash collision. However, they assume that the calculation of the corresponding hashes can be significantly accelerated by using graphics cards or field-programmable gate arrays (FPGAs). Exact technical details of the attack can be found on the website that the researchers have created for the vulnerability. Proof-of-concept code is not yet available.

Users cannot protect themselves from this security vulnerability; network administrators must secure the RADIUS installation themselves. All major RADIUS software manufacturers have already released updates for this purpose, which should be installed as soon as possible. Administrators who can force the message authenticator attribute for all packets in their installation should do so, as this prevents the security gap, according to the researchers. A corresponding change to the RADIUS protocol has been suggested by the researchers and is to be incorporated into an upcoming RFC so that new versions of the RADIUS protocol are secured accordingly by default.

To further increase the security of RADIUS installations, connections between client and server should be secured with modern encryption (such as TLS 1.3). This makes man-in-the-middle attacks such as the vulnerability described here more difficult. RADIUS installations that use EAP for authentication are, according to current knowledge, not vulnerable via Blast-RADIUS – this is the case in the Eduroam network or when using WPA-Enterprise, for example.


(vbr)

Don’t miss any news – follow us on
Facebook,
LinkedIn or
Mastodon.

This article was originally published in

German.

It was translated with technical assistance and editorially reviewed before publication.

link