https://community.isc2.org/t5/Threats/RADIUS-Protocol-Vulnerability/m-p/72057#M1253 <P>a lot of people are still using it since it is free inside windows server</P> Wed, 17 Jul 2024 01:59:34 GMT Bec 2024-07-17T01:59:34Z https://community.isc2.org/t5/Threats/RADIUS-Protocol-Vulnerability/m-p/71963#M1250 <P>Dear All,</P><P>&nbsp;</P><P><SPAN>The Remote Authentication Dial-In User Service, or RADIUS, network protocol is vulnerable to forgery attacks. The cybersecurity experts who detected the vulnerability have devised Blast-RADIUS, an “attack [that] allows a man-in-the-middle attacker to authenticate itself to a device using RADIUS for user authentication, or to assign itself arbitrary network privileges.” RADIUS is ubiquitous, so the vulnerability affects most networking devices. The researchers recommend that RADIUS/UP be deprecated. Short of that, suggested mitigations include transitioning to RADIUS over TLS, isolating RADIUS traffic, and watching for updates and applying them when they are available.<BR /><BR /><A href="https://www.theregister.com/2024/07/10/radius_critical_vulnerability/?is=2e17210a000df3b23714ee0b7fabf90d53a139a7fd871f741a8f77fe7ad94a1a" target="_blank">https://www.theregister.com/2024/07/10/radius_critical_vulnerability/?is=2e17210a000df3b23714ee0b7fabf90d53a139a7fd871f741a8f77fe7ad94a1a</A></SPAN></P><P>&nbsp;</P><P><SPAN><A href="https://nvd.nist.gov/vuln/detail/CVE-2024-3596?is=2e17210a000df3b23714ee0b7fabf90d53a139a7fd871f741a8f77fe7ad94a1a" target="_blank">https://nvd.nist.gov/vuln/detail/CVE-2024-3596?is=2e17210a000df3b23714ee0b7fabf90d53a139a7fd871f741a8f77fe7ad94a1a</A></SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Sun, 14 Jul 2024 05:26:11 GMT https://community.isc2.org/t5/Threats/RADIUS-Protocol-Vulnerability/m-p/71963#M1250 Kyaw_Myo_Oo 2024-07-14T05:26:11Z https://community.isc2.org/t5/Threats/RADIUS-Protocol-Vulnerability/m-p/71989#M1252 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/604565541">@Kyaw_Myo_Oo</a>&nbsp;&nbsp;&nbsp; I wonder how many organisations still use RADIUS these days, really antiquated protocol these days.&nbsp; There are many replacements available including Cisco TACACS+</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Sun, 14 Jul 2024 22:37:36 GMT https://community.isc2.org/t5/Threats/RADIUS-Protocol-Vulnerability/m-p/71989#M1252 Caute_cautim 2024-07-14T22:37:36Z https://community.isc2.org/t5/Threats/RADIUS-Protocol-Vulnerability/m-p/72057#M1253 <P>a lot of people are still using it since it is free inside windows server</P> Wed, 17 Jul 2024 01:59:34 GMT https://community.isc2.org/t5/Threats/RADIUS-Protocol-Vulnerability/m-p/72057#M1253 Bec 2024-07-17T01:59:34Z https://community.isc2.org/t5/Threats/RADIUS-Protocol-Vulnerability/m-p/72099#M1254 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1375678493">@Bec</a>Free may not be secure, but then they take the risk, and pay the consequences if Murphy's law descends upon them.&nbsp;&nbsp;</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Wed, 17 Jul 2024 20:28:59 GMT https://community.isc2.org/t5/Threats/RADIUS-Protocol-Vulnerability/m-p/72099#M1254 Caute_cautim 2024-07-17T20:28:59Z https://community.isc2.org/t5/Threats/RADIUS-Protocol-Vulnerability/m-p/72179#M1262 <P>Thanks for sharing your thoughts and views&nbsp;<a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/809125741">@Caute_cautim</a>.</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 19 Jul 2024 08:31:14 GMT https://community.isc2.org/t5/Threats/RADIUS-Protocol-Vulnerability/m-p/72179#M1262 Kyaw_Myo_Oo 2024-07-19T08:31:14Z https://community.isc2.org/t5/Threats/RADIUS-Protocol-Vulnerability/m-p/72180#M1263 <P>Thanks for sharing your thoughts and views&nbsp;<a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1375678493">@Bec</a>.</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 19 Jul 2024 08:31:43 GMT https://community.isc2.org/t5/Threats/RADIUS-Protocol-Vulnerability/m-p/72180#M1263 Kyaw_Myo_Oo 2024-07-19T08:31:43Z