Radius Protocol Flaw Enables Fake Authentication Responses

A group of researchers from various American universities and companies, including Cloudflare and Microsoft, have recently developed new attacks on the Radius protocol. This protocol is commonly used by communication operators, cloud services, and VPN providers for authentication, authorization, and user accounting. The attack, known as Blast-Radius, allows for the falsification of the Radius server’s response during authentication, enabling unauthorized access without knowledge of the password.

To exploit the vulnerability (CVE-2024-3596), an attacker must be capable of intercepting transit traffic and executing a full MITM (Man-In-The-Middle) attack. This would enable them to analyze, intercept, block, and modify the UDP packets sent by access points to request user authentication (Access-Request) and the responses from the Radius server confirming or denying the authentication. By intercepting the authentication request, an attacker could send a fake response indicating a different outcome, such as changing an Access-REJECT to an Access-ACCEPT.

The attack takes advantage of the use of UDP for transport in the Radius protocol and verifies message integrity using the MD5 algorithm. A secret key, known only to the access point and Radius server, is utilized to authenticate messages exchanged between the two entities. When responding to an authentication request, the Radius server generates an MD5 hash that the access server can use to verify the sender’s authenticity. The hash covers a random value, request identifier, returned attributes, and the secret key.

During a MITM attack, the attacker can intercept the identifier and random value from the request, as well as predict the operation code, size, and attributes. The attacker’s goal is to create a valid verification hash that aligns with the altered authentication response and passes the verification using the secret key. The MD5 algorithm is susceptible to collision attacks, allowing the attacker to manipulate irrelevant fillings to create a combination that matches the original response’s MD5 hash. This enables the attacker to send a fake response indicating successful authentication (Access-ACCEPT) instead of an error message.

/Reports, release notes, official announcements.