Very sophisticated attack against the RADIUS protocol that uses flaws in the protocol as well as a novel variant of the MD5 chosen prefix collision. Cryptography from the 90s never goes away! https://www.blastradius.fail/attack-details
BLAST RADIUS

@matthew_d_green yeah, in the ecosystem of network access control, radius is basically the one standard that you'll find everywhere.

WPA2-enterprise (802.1x)? Any kind of client identity check on an ethernet port somewhere?
You can reasonably bet that it's talking radius to its authentication server, you'd probably be right in like 90% of cases.

(kind of how ldap is supported everywhere and not dying anytime soon)

@matthew_d_green worse even, there's quite a bit of radius over the internet.

Consider Eduroam (federated network access for students across many universities across the world)
Whenever you authenticate to a network that's not yours, the local radius server queries your university's radius over the Internet.

(At least client creds are supposed to transit in a proper TLS tunnel if everything is configured properly, but many clients aren't, and probably many servers too)

@matthew_d_green not sure how much it's still used inside ISPs, or cellular networks.

It is my understanding that a lot of cellular networks have moved to diameter, but well, I really have no idea how much of the actual infra that actually concerns

@matthew_d_green also good to note that afaict, EAP uses are not affected, and it's possible to encapsulate radius in TLS (sometimes called RadSec), in which case, the radius broken cryptography shouldn't matter