I was under the impression that RADIUS was some ancient protocol nobody used anymore (I remember it being big in the 90s dialup ISP infrastructure.) But of course it never went away and now it’s deployed for all sorts of decentralized auth: think VPNs and WiFi.

So like all 90s crypto it doesn’t use modern cryptographic methods (which in fairness, barely exists.) Authentication is done with a challenge/response protocol that builds a “MAC” in some ad-hoc way using MD5. An MITM attacker between client and server can forge this.