[ad_1]
Security researchers have discovered a flaw in a decades-old networking protocol that could be exploited to spy on users over internet connections and applications. The flaw affects the Remote Authentication Dial-In User Service or RADIUS protocol, which was originally developed in 1991. The protocol has since become a crucial way to centralize the authentication and authorization of users who connect to a network service. But on Tuesday, a team of security researchers disclosed a vulnerability in RADIUS that can pave the way for a “man-in-the-middle” attack, enabling an attacker to gain access to protected communications between a client and server. The researchers discovered a way to essentially forge the required credentials by exploiting MD5, an out-of-date hashing algorithm that RADIUS still depends on. “This forgery could give the attacker access to network devices and services without the attacker guessing or brute forcing passwords or shared secrets. The attacker does not learn user credentials,” the researchers wrote in a site dedicated to addressing the threat.
(Credit: Blast-RADIUS team)
The flaw, dubbed “Blast-RADIUS,” is particularly serious since the RADIUS protocol is widely used in internet applications and services. This includes authenticating access on VPNs, Wi-Fi and home internet connections from ISPs, and switches and routers for enterprise networks. The danger arises if a hacker is able to infiltrate a network and gain at least partial access. If the hacker successfully exploits Blast-RADIUS, they can then “escalate privileges from partial network access to being able to log into any device that uses RADIUS for authentication, or to assign itself arbitrary network privileges,” the researchers wrote. Security researchers have refrained from publicly releasing a proof-of-concept on how the attack works to prevent hackers from exploiting the flaw. InkBridge Networks, a maintainer of a RADIUS protocol, also noted: “It can take a significant amount of cloud computing power to succeed in performing the attack. This cost is also per packet being exploited, and cannot be automatically applied to many packets. If an attacker wants to perform 100 attacks, he has to use 100 times of computing power.
Recommended by Our Editors
“That being said, these costs can be acceptable for ‘script kiddies’ (amateur hackers) who steal credit cards,” InkBridge added. “These costs are also a drop in the bucket for nation-states who wish to target particular users.”The good news is that security researchers privately disclosed the flaw to tech vendors earlier this year. This gave InkBridge time to release a new version of FreeRADIUS, the most widely used version of RADIUS, to address the threat. For consumers, there’s nothing that can be done to stop the threat, the security researchers said in an FAQ. Instead, it’s up to vendors, ISPs, and companies to implement the developed mitigations. “In order to address this critical security issue, network technicians will have to install a firmware upgrade and reconfigure essentially every switch, router, GGSN, BNG, and VPN concentrator around the world,” says Alan DeKok, CEO of InkBridge Networks, who adds that he wrote the updated standards that all vendors have now implemented.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
[ad_2]