해리슨 블로그

Critical Flaw Discovered in 30-Year-Old RADIUS Protocol

Created: 2024-07-13 14:34

Critical Flaw Discovered in 30-Year-Old RADIUS Protocol: The BlastRADIUS Vulnerability

A serious vulnerability has been found in the RADIUS protocol, which has been a cornerstone of network authentication. This vulnerability, which has been hidden for 30 years, has been dubbed 'BlastRADIUS'. But why did this vulnerability go undetected for so long?

What is RADIUS?

RADIUS stands for 'Remote Authentication Dial-In User Service'. It's a protocol that authenticates and authorizes users trying to access a network. Simply put, it acts as a gatekeeper, checking "Who are you? Are you allowed in?" when a user tries to connect to a network.

RADIUS is used in various applications, and the most common example we encounter in our daily lives is a company's Wi-Fi authentication system. Let's look at an example.

Regular Wi-Fi can be accessed simply by entering a password. However, this approach is vulnerable to security breaches because anyone with the password can access it. Moreover, it's difficult to track exactly who accessed the network and when.

On the other hand, a company Wi-Fi system using RADIUS is different. Employees access Wi-Fi using their unique company ID and password. The RADIUS server verifies this information and grants network access only to authenticated users. This allows for precise tracking of who accesses the network and when, enhancing security.

Large companies in particular tend to use such systems, as they enable hundreds or thousands of employees to securely access the network using their unique accounts.

Of course, RADIUS is used in various other applications besides company Wi-Fi:

1. Internet Service Providers (ISPs): Authenticating customers when they access the internet
2. VPNs: Used when remote users securely access a company network
3. Public Wi-Fi hotspots: User authentication and access management
4. Mobile networks: Authenticating smartphones when connecting to cellular networks

RADIUS provides centralized authentication, allowing administrators to efficiently manage access for numerous users. However, a critical issue has been discovered in this crucial component.

Background of the Vulnerability

The RADIUS protocol was designed in 1991. The network environment and security concepts of that era were vastly different from today. As a result, RADIUS was designed to run over UDP. While UDP is fast, it's less secure compared to modern security protocols like TLS.

Details of the Vulnerability

BlastRADIUS (CVE-2024-3596) leverages an MD5 collision attack. MD5 is a hash function that also emerged in the early 90s. Over time, however, vulnerabilities in MD5 were revealed. Attackers can exploit this to manipulate the RADIUS server's responses. Consequently, they can bypass authentication and escalate privileges.

It's important to highlight the severe vulnerability of MD5. Currently, systems using MD5 are considered highly insecure within the security industry. MD5 is incredibly easy to crack. Surprisingly, breaking an MD5 hash can now be done in under a minute. This implies that systems using MD5 are susceptible to real-time hacking.

For these reasons, modern password systems have evolved from MD5 to SHA-1, SHA-2, and SHA-3. It's rare to find MD5 used in security-critical systems nowadays. However, the fact that RADIUS still utilizes MD5 is a significant cause for concern.
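To show where MD5 sits in a RADIUS response, the following added example (not code from the original post) verifies the RFC 2865 Response Authenticator on a constructed Access-Accept and reports whether the packet also carries a valid Message-Authenticator. Assumptions: the Message-Authenticator attribute (type 80, HMAC-MD5, RFC 3579) is not mentioned in the post, and the function names, shared secret and sample packets are hypothetical values constructed for the example.

```python
import hashlib, hmac, struct

MESSAGE_AUTHENTICATOR = 80  # attribute type from RFC 3579 (not named on the page)

def parse_attrs(packet):
    """Return [(type, value, offset)] for a RADIUS packet, validating lengths."""
    (length,) = struct.unpack("!H", packet[2:4])
    if length != len(packet) or length < 20:
        raise ValueError("bad RADIUS length")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        attrs.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]], pos))
        pos += packet[pos + 1]
    return attrs

def response_authenticator(resp, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    return hashlib.md5(resp[:4] + request_auth + resp[20:] + secret).digest()

def check_response(resp, request_auth, secret):
    """Return (authenticator_ok, message_authenticator_ok); the latter is None if absent."""
    auth_ok = hmac.compare_digest(resp[4:20], response_authenticator(resp, request_auth, secret))
    ma_ok = None
    for atype, value, pos in parse_attrs(resp):
        if atype == MESSAGE_AUTHENTICATOR and len(value) == 16:
            # HMAC-MD5 over the packet with RequestAuth in the header and this value zeroed
            zeroed = resp[:4] + request_auth + resp[20:pos + 2] + bytes(16) + resp[pos + 18:]
            ma_ok = hmac.compare_digest(value, hmac.new(secret, zeroed, hashlib.md5).digest())
    return auth_ok, ma_ok

def build_response(code, ident, request_auth, attrs, secret, with_ma):
    """Construct a sample response for the checks above (test data only)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    if with_ma:
        body = bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16) + body
    head = struct.pack("!BBH", code, ident, 20 + len(body))
    if with_ma:
        mac = hmac.new(secret, head + request_auth + body, hashlib.md5).digest()
        body = body[:2] + mac + body[18:]
    return head + hashlib.md5(head + request_auth + body + secret).digest() + body

# Constructed sample values: shared secret, Request Authenticator, Reply-Message (type 18)
SECRET, REQ_AUTH = b"constructed-secret", bytes(range(16))
ACCEPT_MA = build_response(2, 7, REQ_AUTH, [(18, b"welcome")], SECRET, True)
ACCEPT_PLAIN = build_response(2, 7, REQ_AUTH, [(18, b"welcome")], SECRET, False)
```

A result of `(True, None)` from `check_response` marks a response whose integrity rests only on the bare MD5 Response Authenticator, which is the case worth flagging when auditing RADIUS/UDP traffic.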

Impact Scope

RADIUS is a fundamental element of modern communication and corporate networks. As mentioned earlier, it's employed in various applications like company Wi-Fi systems, ISPs, public Wi-Fi, mobile networks, and IoT devices. Therefore, the impact of this vulnerability can be quite extensive.

Countermeasures

Researchers recommend the complete discontinuation of RADIUS/UDP. They propose migrating to RADIUS over TLS (RADSEC) instead. Additionally, implementing a multi-hop approach and isolating RADIUS traffic from the public internet are also recommended.


BlastRADIUS is a prime example of a 'design flaw' that has become a security vulnerability over time. The continued use of outdated cryptographic technologies like MD5 is a major issue. This highlights the necessity of consistently updating security protocols in line with technological advancements. While no actual attack cases exploiting this vulnerability have been reported so far, the potential risks warrant immediate action. Swift responses from network equipment manufacturers and administrators are crucial.
