Cybersecurity experts from leading universities and tech companies have identified a critical vulnerability in the RADIUS networking protocol. Dubbed “Blast RADIUS,” the flaw allows attackers to bypass user authentication via man-in-the-middle (MITM) attacks and hash cracking. With a CVSS severity score of 7.5 out of 10, the vulnerability (CVE-2024-3596) poses a significant threat to network security by enabling unauthorized access to network devices and services without valid credentials. The issue affects deployments using PAP, CHAP, and other non-EAP authentication methods, while protocols like IPSec and TLS remain safe.
Attackers exploiting this vulnerability need network access to intercept and manipulate RADIUS traffic. By leveraging a sophisticated MD5 hash collision attack, they can forge valid authentication responses, granting unauthorized access to client devices.