Blast-RADIUS, an authentication bypass in the widely used RADIUS/UDP protocol, allows malicious actors to penetrate networks and devices via man-in-the-middle MD5 collision attacks.
Many networked devices (including switches, routers, and other routing infrastructure) on enterprise and telecommunications networks use the Remote Authentication Dial-In User Service (RADIUS) authentication and authorization protocol, sometimes tens of thousands of devices on a single network.
Among its wide range of applications, the protocol is used for authentication in DSL and FTTH (Fiber to the Home), 802.1X and Wi-Fi networks, 2G and 3G cellular roaming, 5G Data Network Name (DNN), private APN and VPN, and critical infrastructure networks.
Blast-RADIUS exploits a new protocol vulnerability (CVE-2024-3596) and an MD5 collision attack, allowing attackers with access to RADIUS traffic to manipulate server responses and add arbitrary protocol attributes, allowing them to gain administrative privileges on RADIUS devices without requiring brute force or credential theft.
“The Blast-RADIUS attack allows a man-in-the-middle attacker between the RADIUS client and server to forge a valid protocol acceptance message in response to a failed authentication request,” explained the researchers behind the attack.
“This tampering could give the attacker access to network devices and services without having to guess or brute force passwords or shared secrets. The attacker does not learn the user’s credentials.
“An adversary exploiting our attack can elevate their privileges from partial network access to the ability to connect to any device using RADIUS for authentication, or to grant themselves arbitrary network privileges.”
The RADIUS protocol uses MD5 hashed requests and responses when authenticating to a device. The researchers’ proof-of-concept exploit (which has not yet been shared) calculates an MD5 chosen-prefix hash collision needed to forge a valid “Access-Accept” response to indicate a successful authentication request. This forged MD5 hash is then injected into the network communication using a man-in-the-middle attack, allowing the attacker to log in.
The exploit takes 3-6 minutes to forge this MD5 hash, longer than the 30-60 second timeouts commonly used in practice for RADIUS.
However, each step of the collision algorithm used in the attack can be efficiently parallelized and is suitable for hardware optimization, which would allow a well-resourced attacker to implement the attack using more modern and faster GPUs, FPGAs, or other hardware to achieve much faster execution times, possibly tens or hundreds of times faster.
“Although an MD5 hash collision was first demonstrated in 2004, it was not thought possible to exploit it in the context of the RADIUS protocol,” the research team said.
“Our attack identifies a protocol vulnerability in the way RADIUS uses MD5 that allows the attacker to inject a malicious protocol attribute that produces a hash collision between the server-generated response authenticator and the attacker’s desired forged response packet.
“Furthermore, since our attack is online, the attacker must be able to compute a chosen-prefix MD5 collision attack in minutes or seconds. The fastest chosen-prefix collision attacks to date took hours and produced collisions that were not compatible with the RADIUS protocol.”
Since this attack does not compromise end-user credentials, there is nothing end-users can do to protect themselves. However, vendors and system administrators who manufacture and manage RADIUS devices are advised to follow these best practices and guidance.
To defend against this attack, network operators can move to RADIUS over TLS (RADSEC), move to “multi-hop” RADIUS deployments, and isolate RADIUS traffic from Internet access using restricted-access management VLANs or TLS/IPsec tunneling.
News Source : www.bleepingcomputer.com
Gn tech
