CRITICAL VULNERABILITY: BlastRADIUS

Alan DeKok aland at deployingradius.com
Mon Jul 8 21:11:41 UTC 2024


If you’re on this mailing list, you need to know about BlastRADIUS. 

BlastRADIUS is a thirty-year-old design flaw in the RADIUS protocol.  Exploiting the vulnerability allows an attacker to authenticate anyone to your local network:
• Any Multi-Factor Authentication (MFA) can be bypassed
• Unknown users can be given network access
• Unknown users can be granted administrative login to key networking equipment
• Known users can have their traffic redirected to a "honeypot"

BlastRADIUS has a CVSS score of 9.0, which is extremely high. 

This vulnerability affects ALL RADIUS clients and ALL RADIUS servers. It is an issue in the underlying protocol, not any specific implementation. All RADIUS servers are affected and MUST BE UPGRADED as soon as possible.  In some cases, it is possible to upgrade clients in a less time-critical manner.  See our resource hub for more information: https://www.inkbridgenetworks.com/blastradius

*** RESOURCES ***

freeRADIUS resource page: https://www.freeradius.org/security/  
InkBridge Networks BlastRADIUS resource page: https://www.inkbridgenetworks.com/blastradius  
Official BlastRADIUS site: https://blastradius.fail/

FREE Webinar TODAY 9am ET with:
- Alan DeKok, founder of freeRADIUS and InkBridge Networks CEO
- Nadia Heninger, lead cryptographer who discovered the vulnerability 
Register now: https://alandekok.com/webinar2/  

FREE Webinar TODAY 2:00pm ET with Alan DeKok
Register now: https://alandekok.com/webinar/  

Webinar recordings will be made available if you aren’t able to attend.
