Skip to main content

BlastRADIUS Attack Exposes Critical Flaw in 30-Year-Old RADIUS Protocol


Jasper_The_Rasper
Moderator
Forum|alt.badge.img+54

Security vendor InkBridge Networks calls urgent attention to the discovery of a decades-old design flaw (CVE-2024-3596) in the popular RADIUS protocol.

 

July 9, 2024 By Ryan Naraine

 

BlastRADIUS

Security vendor InkBridge Networks on Tuesday called urgent attention to the discovery of a thirty-year-old design flaw in the RADIUS protocol and warned that advanced attackers can launch exploits to authenticate anyone to a local network, bypassing any multi-factor-authentication (MFA) protections.

The company published a technical description of what is being called the BlastRADIUS attack and warned that corporate networks such as internal enterprise networks, Internet Service Providers (ISPs), and Telecommunications companies (telcos) are exposed to major risk.

The flaw was discovered by researchers at Boston University, Cloudflare, BastionZero, Microsoft Research, Centrum Wiskunde & Informatica and the University of California, San Diego.

The vulnerability is being tracked as CVE-2024-3596 and VU#456537.

 

>>Full Article<<

0 replies

Be the first to reply!

Reply