Researchers in partnership with InkBridge Networks in Canada, the company supporting FreeRadius, have announced they have discovered a vulnerability in the RADIUS protocol, which is widely used for network authentication for users on many corporate networks, VPNs, Wi-Fi and on broadband networks.
There is a trend to name protocol vulnerabilities these days and the researchers have coined the term BlastRADIUS. As an average consumer, it’s unlikely you’ll need to do anything. RADIUS is used by service providers to authenticate users setting up sessions from their broadband routers. Some consumer routers may have RADIUS functionality for VPNs or some other options however if you fall into one of these categories, you will know who you are. However, broadband providers or other organisations using RADIUS in the back-end authentication will probably need to upgrade the software to ensure they stay secure.
“The RADIUS protocol allows certain Access-Request messages to have no integrity or authentication checks. As a result, an attacker can modify these packets without detection. The attacker would be able to force any user to authenticate, and to give any authorization (VLAN, etc.) to that user.
Specifically, PAP, CHAP, and MS-CHAPv2 authentication methods are the most vulnerable. ISPs will have to upgrade their RADIUS servers and networking equipment. Anyone using MAC address authentication, or RADIUS for administrator logins to switches is vulnerable. Using TLS or IPSec prevents the attack, and 802.1X (EAP) is not vulnerable.
For most enterprises, the attacker would already need to have access to the management VLAN (virtual local area network). Internet service providers (ISPs) can be vulnerable if they send RADIUS traffic over intermediate networks, such as third-party outsourcers, or the wider Internet. Some uses of RADIUS are safe, including eduroam and the Wireless Broadband Alliance’s OpenRoaming framework.”
Alan DeKok, CEO, InkBridge
The vulnerability centres around a ‘man-in-the-middle’ attack which means that only someone able to intercept traffic could make use of the attack which does mitigate the issue somewhat, however it still carries a CVSS score of 9 of 10 which means it’s considered a “critical” vulnerability.
Test your broadband speed
Follow us on X for the latest broadband news 
Leave a reply