Kyaw_Myo_Oo
Contributor III

RADIUS Protocol Vulnerability

Dear All,

The Remote Authentication Dial-In User Service, or RADIUS, network protocol is vulnerable to forgery attacks. The cybersecurity experts who detected the vulnerability have devised Blast-RADIUS, an “attack [that] allows a man-in-the-middle attacker to authenticate itself to a device using RADIUS for user authentication, or to assign itself arbitrary network privileges.” RADIUS is ubiquitous, so the vulnerability affects most networking devices. The researchers recommend that RADIUS/UDP be deprecated. Short of that, suggested mitigations include transitioning to RADIUS over TLS, isolating RADIUS traffic, and watching for updates and applying them when they are available.

https://www.theregister.com/2024/07/10/radius_critical_vulnerability/?is=2e17210a000df3b23714ee0b7fa...

https://nvd.nist.gov/vuln/detail/CVE-2024-3596?is=2e17210a000df3b23714ee0b7fabf90d53a139a7fd871f741a...

Kyaw Myo Oo
Manager, CB BANK PCL
CCIE #58769 | PCNSE | SAA-C03 | CCSM | CISSP | PMP
5 Replies
Caute_cautim
Community Champion

@Kyaw_Myo_Oo I wonder how many organisations still use RADIUS these days; it is a really antiquated protocol. There are many replacements available, including Cisco TACACS+.

Regards

Caute_Cautim

Bec
Viewer II

A lot of people are still using it, since it is free inside Windows Server.

Caute_cautim
Community Champion

@Bec Free may not be secure, but then they take the risk, and pay the consequences if Murphy's law descends upon them.

Regards

Caute_Cautim

Kyaw_Myo_Oo
Contributor III

Thanks for sharing your thoughts and views @Caute_cautim.

Kyaw Myo Oo
Manager, CB BANK PCL
CCIE #58769 | PCNSE | SAA-C03 | CCSM | CISSP | PMP
Kyaw_Myo_Oo
Contributor III

Thanks for sharing your thoughts and views @Bec.

Kyaw Myo Oo
Manager, CB BANK PCL
CCIE #58769 | PCNSE | SAA-C03 | CCSM | CISSP | PMP