Matthew GreenJul 9, 2024
Very sophisticated attack against the RADIUS protocol that uses flaws in the protocol as well as a novel variant of the MD5 chosen prefix collision. Cryptography from the 90s never goes away! https://www.blastradius.fail/attack-details
BLAST RADIUS

Show threadMatthew GreenJul 9, 2024

I was under the impression that RADIUS was some ancient protocol nobody used anymore (I remember it being big in the 90s dialup ISP infrastructure.) But of course it never went away and now it’s deployed for all sorts of decentralized auth: think VPNs and WiFi.

So like all 90s crypto it doesn’t use modern cryptographic methods (which in fairness, barely exists.) Authentication is done with a challenge/response protocol that builds a “MAC” in some ad-hoc way using MD5. An MITM attacker between client and server can forge this.

Show threadMatthew GreenJul 9, 2024
Anyway: the important story here is not just the cool attack, but the fact that it really, really matters. How do you fix a protocol that’s fundamentally broken but that secures huge (and surprising) amounts of infrastructure, when most experts have forgotten it exists?
Show threadMatthew GreenJul 9, 2024
And before you say “meh it’s just some WiFi and commercial VPNs,” ask yourself: what protocols do you think are being used to secure oil pipeline controllers?
Show thread(hic/haec/hoc)Jul 9, 2024
@matthew_d_green all networking devices that don't use local, never changing passwords (assuming they're not using the default ones) use RADIUS. In theory the authentication traffic should go through separated, secure networks, but "in theory" is doing a lot of work here.
Show threadMarsh RayJul 9, 2024
@_hic_haec_hoc @matthew_d_green It's been a long time, but it used to be that many such devices could be configured to use LDAP/TLS as an auth protocol.
It seemed like a hack to me at the time, but they seem to have aged much better than these custom UDP-based creations.
Show thread(hic/haec/hoc)Jul 9, 2024
@marshray @matthew_d_green maybe some newer, high-end devices support LDAP, but your run-of-the-mill switch or router most likely doesn't. And RADIUS has been so widely deployed and for so long that there's a very large cost to changing to a different protocol even assuming all the devices support it
Show threadGorgeous na Shock!
@_hic_haec_hoc @marshray @matthew_d_green Yeah, I work at an ISP (and also have a lot of network gear at home) and everything is RADIUS and TACACS. 😌
Jul 9, 2024 at 11:03pmWeb