This is an AI translated post.
Critical Flaw Discovered in 30-Year-Old RADIUS Protocol
Summarized by durumis AI
- A serious security vulnerability, 'BlastRADIUS', has been discovered in the RADIUS protocol, which has been in use for 30 years, raising concerns about the security of network authentication systems.
- This vulnerability can be exploited to bypass authentication and escalate privileges through MD5 collision attacks, affecting various areas such as corporate Wi-Fi systems, ISPs, VPNs, public Wi-Fi, and mobile networks that use RADIUS.
- Researchers recommend abandoning RADIUS/UDP and transitioning to RADSEC (RADIUS over TLS), implementing multi-hop methods, and separating RADIUS traffic from the public internet. Network equipment manufacturers and administrators need to take swift action.
A Critical Flaw Found in the 30-Year-Old RADIUS Protocol: BlastRADIUS Vulnerability
A serious vulnerability has been discovered in the RADIUS protocol, which has been a cornerstone of network authentication. This flaw, named 'BlastRADIUS', has been lurking for 30 years. But why wasn't this vulnerability detected for so long?
What is RADIUS?
RADIUS stands for 'Remote Authentication Dial-In User Service'. It is a protocol that authenticates users attempting to access a network and grants them permissions. Simply put, it acts as a gatekeeper, asking, "Who are you? Can you come in?" when a user tries to access a network.
RADIUS is used in many places, and the most common example in daily life is the corporate Wi-Fi authentication system. For instance, ordinary Wi-Fi can be accessed with just a password. In that case, anyone who has the password can connect, which leaves the network open to security breaches. It is also impossible to know exactly who connected and when.
On the other hand, corporate Wi-Fi systems using RADIUS are different. Employees access Wi-Fi with their unique company ID and password. The RADIUS server verifies this information and allows network access only to authenticated users. This allows you to accurately track who accessed the network and when, enhancing security.
Larger companies in particular use these systems extensively, because hundreds or thousands of employees can securely access the network with their own unique accounts.
Of course, RADIUS is used in places other than corporate Wi-Fi:
1. Internet Service Providers (ISPs): Authentication when customers access the internet
2. VPN: Used for remote users to securely access the company network
3. Public Wi-Fi hotspots: User authentication and access management
4. Mobile Networks: Authentication when smartphones connect to cellular networks
RADIUS provides a centralized authentication method, allowing administrators to efficiently control the access of numerous users. However, a serious problem has been discovered in this critical function.
Background of the Vulnerability
The RADIUS protocol was designed in 1991. The network environment and security concepts of that time were significantly different from today's, and RADIUS was therefore designed to run over UDP. UDP is fast, but it is less secure than modern security protocols such as TLS.
Details of the Vulnerability
BlastRADIUS (CVE-2024-3596) exploits MD5 collision attacks. MD5 is also a hash function that emerged in the early 1990s. However, over time, the vulnerabilities of MD5 have become apparent. Attackers can use this to manipulate the responses of the RADIUS server. Consequently, they can bypass authentication and escalate privileges.
It is important to note how seriously weakened MD5 is. In the security industry today, systems that rely on MD5 are considered highly insecure. MD5 is extremely easy to break: it has become possible to produce MD5 collisions in less than a minute. This means that systems relying on MD5 are susceptible to real-time attacks.
For these reasons, modern password systems have evolved from MD5 to SHA-1, SHA-2, and SHA-3. It is rare to find systems using MD5 where security is critical. However, the fact that RADIUS still uses MD5 is a significant cause for concern.
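To show where MD5 sits in RADIUS/UDP, here is an added example (not code from the original post or from the researchers) of the Response Authenticator defined in RFC 2865, the value a client recomputes to decide whether a reply really came from its server. The shared secret, request authenticator and packet contents are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3   # RADIUS packet codes (RFC 2865)
HEADER_LEN = 20                       # code(1) + id(1) + length(2) + authenticator(16)

def build_response(code, ident, request_auth, attributes, secret):
    """Server side: Response Authenticator =
    MD5(Code | ID | Length | Request Authenticator | Attributes | Secret)."""
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attributes))
    resp_auth = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + resp_auth + attributes

def verify_response(packet, ident, request_auth, secret):
    """Client side: recompute the MD5 and compare in constant time.
    Returns the packet code if the reply verifies, otherwise None."""
    if len(packet) < HEADER_LEN:
        return None
    code, pkt_ident, length = struct.unpack("!BBH", packet[:4])
    if pkt_ident != ident or not HEADER_LEN <= length <= len(packet):
        return None
    packet = packet[:length]          # ignore trailing padding after Length
    expected = hashlib.md5(
        packet[:4] + request_auth + packet[HEADER_LEN:] + secret
    ).digest()
    return code if hmac.compare_digest(expected, packet[4:HEADER_LEN]) else None

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))                   # authenticator sent in the request
REPLY_MESSAGE = bytes([18, 8]) + b"denied"    # attribute type 18, length 8

REJECT = build_response(ACCESS_REJECT, 7, REQ_AUTH, REPLY_MESSAGE, SECRET)
# Changing the code byte in transit without the secret breaks the MD5 check.
FLIPPED = bytes([ACCESS_ACCEPT]) + REJECT[1:]

if __name__ == "__main__":
    print("genuine reject :", verify_response(REJECT, 7, REQ_AUTH, SECRET))
    print("flipped code   :", verify_response(FLIPPED, 7, REQ_AUTH, SECRET))
```

The client accepts any reply whose 16-byte MD5 value matches, so the integrity of the accept/reject decision over UDP depends on MD5 and the shared secret.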
Scope of Impact
RADIUS is a core component of modern communication and corporate networks. It is used almost everywhere, including the corporate Wi-Fi systems mentioned earlier, ISPs, public Wi-Fi, mobile networks, and IoT devices. The impact of this vulnerability could therefore be quite extensive.
Countermeasures
Researchers recommend abandoning RADIUS/UDP completely and migrating to RADIUS over TLS (RADSEC). They also recommend introducing multi-hop methods and isolating RADIUS traffic from the public internet.
BlastRADIUS is a classic example of a 'design flaw' that has become a security vulnerability over time. Particularly, the continued use of outdated cryptographic technologies like MD5 is a major problem. This demonstrates the need for continuous updates to security protocols in line with the pace of technological advancement. No actual attack cases utilizing this vulnerability have been reported so far. However, considering the potential risk, swift action is necessary. This requires prompt measures from network equipment manufacturers and administrators.