Very sophisticated attack against the RADIUS protocol that uses flaws in the protocol as well as a novel variant of the MD5 chosen prefix collision. Cryptography from the 90s never goes away! https://www.blastradius.fail/attack-details
BLAST RADIUS

I was under the impression that RADIUS was some ancient protocol nobody used anymore (I remember it being big in the 90s dialup ISP infrastructure.) But of course it never went away and now it’s deployed for all sorts of decentralized auth: think VPNs and WiFi.

So like all 90s crypto it doesn’t use modern cryptographic methods (which, in fairness, barely existed.) Authentication is done with a challenge/response protocol that builds a “MAC” in some ad-hoc way using MD5. An MITM attacker between client and server can forge this.

Anyway: the important story here is not just the cool attack, but the fact that it really, really matters. How do you fix a protocol that’s fundamentally broken but that secures huge (and surprising) amounts of infrastructure, when most experts have forgotten it exists?
And before you say “meh it’s just some WiFi and commercial VPNs,” ask yourself: what protocols do you think are being used to secure oil pipeline controllers?
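As an added illustration (not part of the thread above, and not the blastradius.fail authors' code), here is the RFC 2865 Response Authenticator construction the post calls an ad-hoc MD5 “MAC”, next to the keyed HMAC-MD5 Message-Authenticator attribute (RFC 2869) that a hardened server should require on every Access-Request and verify on every response. The shared secret and username are constructed placeholders.

```python
import hashlib
import hmac
import os
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 2869)

def attr(t, value):
    """Encode one RADIUS attribute: Type, Length (incl. 2-byte header), Value."""
    return struct.pack("!BB", t, 2 + len(value)) + value

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865 'ad-hoc MAC': MD5(Code|ID|Length|RequestAuth|Attributes|Secret).
    The secret is merely appended to hashed data; this is not a keyed MAC."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_access_request(ident, secret, username, request_auth=None):
    """Access-Request (code 1) carrying User-Name and a Message-Authenticator."""
    request_auth = request_auth or os.urandom(16)
    attrs = attr(1, username) + attr(MSG_AUTH, b"\x00" * 16)
    pkt = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + request_auth + attrs
    # HMAC-MD5 is computed with the attribute value zeroed, then filled in
    mac = hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt[:-16] + mac

def has_valid_message_authenticator(pkt, secret, request_auth=None):
    """True only if a Message-Authenticator is present and verifies.
    For responses, pass the matching Request Authenticator (RFC 2869 5.14)."""
    if len(pkt) < 20 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        return False
    body = pkt[:4] + (request_auth or pkt[4:20]) + pkt[20:]
    i = 20
    while i + 2 <= len(pkt):
        t, l = pkt[i], pkt[i + 1]
        if l < 2 or i + l > len(pkt):
            return False
        if t == MSG_AUTH and l == 18:
            zeroed = body[:i + 2] + b"\x00" * 16 + body[i + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(pkt[i + 2:i + 18], expected)
        i += l
    return False  # absent: a server hardened against this attack must reject

SECRET = b"constructed-example-secret"  # constructed, not a deployment value
```

Rejecting packets that lack the attribute (and verifying it on responses using the request's authenticator) is what closes the forgery path the post describes; the MD5-only Response Authenticator alone does not.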
@matthew_d_green if you’re using Duo MFA with an auth proxy, guess what protocol you’re using to talk to the AD 😉