<div dir="auto"><div>FYI Folks</div><div dir="auto"><br></div><div dir="auto">Noah<br><br><div class="gmail_quote" dir="auto"><div dir="ltr" class="gmail_attr">---------- Forwarded message ---------<br>From: <strong class="gmail_sendername" dir="auto">Sharon Goldberg</strong> <span dir="auto"><<a href="mailto:sharon.goldbe@gmail.com">sharon.goldbe@gmail.com</a>></span><br>Date: Tue, 9 Jul 2024, 18:32<br>Subject: Blast-RADIUS attack<br>To: Nadia Heninger <<a href="mailto:nadiah@cs.ucsd.edu">nadiah@cs.ucsd.edu</a>>,  <<a href="mailto:nanog@nanog.org">nanog@nanog.org</a>><br></div><br><br><div><div><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial,sans-serif;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;background-color:transparent;color:rgb(0,0,0)">Hi Nanog</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial,sans-serif;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;background-color:transparent;color:rgb(0,0,0)">Today we announced a vulnerability in the RADIUS protocol, based on its outdated use of the MD5 hash function. We wanted to share it with this list because we suspect many NANOG folks could be operating RADIUS in their networks (to control admin access to routers and switches and other networking gear). </span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial,sans-serif;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;background-color:transparent;color:rgb(0,0,0)">Our Blast-RADIUS attack allows a Man-in-the-Middle (MitM), with access to RADIUS traffic, to gain unauthorized administrative access to the devices using RADIUS clients for authentication. It does this without needing to brute force or steal credentials or shared secrets. The attack has been given a CVSS score of 9.0. </span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial,sans-serif;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;background-color:transparent;color:rgb(0,0,0)">This attack works on all authentication modes of RADIUS/UDP apart from those that use EAP. It exploits a protocol vulnerability that has been present in the RADIUS specifications since the 1990s. We exploited the vulnerability by developing an improved attack on the MD5 hash function. </span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial,sans-serif;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;background-color:transparent;color:rgb(0,0,0)">The long-term fix is to run RADIUS over TLS.  There are also short term patches for RADIUS/UDP. Vendors have released new mitigations against this attack today. </span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial,sans-serif;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;background-color:transparent;color:rgb(0,0,0)">Here’s some more info about the attack and its mitigations. </span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><a href="https://www.blastradius.fail/" style="text-decoration:none" target="_blank" rel="noreferrer"><span style="font-size:11pt;font-family:arial,sans-serif;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap;background-color:transparent;color:rgb(17,85,204)">https://www.blastradius.fail/</span></a></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><a href="https://blog.cloudflare.com/radius-udp-vulnerable-md5-attack/" style="text-decoration:none" target="_blank" rel="noreferrer"><span style="font-size:11pt;font-family:arial,sans-serif;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap;background-color:transparent;color:rgb(17,85,204)">https://blog.cloudflare.com/radius-udp-vulnerable-md5-attack/</span></a></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><a href="https://www.inkbridgenetworks.com/blastradius" style="text-decoration:none" target="_blank" rel="noreferrer"><span style="font-size:11pt;font-family:arial,sans-serif;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap;background-color:transparent;color:rgb(17,85,204)">https://www.inkbridgenetworks.com/blastradius</span></a></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial,sans-serif;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;background-color:transparent;color:rgb(0,0,0)">Thanks</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:arial,sans-serif;font-weight:400;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-alternates:normal;font-variant-numeric:normal;font-variant-east-asian:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap;background-color:transparent;color:rgb(0,0,0)">Sharon Goldberg</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:arial,sans-serif;font-size:11pt;white-space:pre-wrap;background-color:transparent;color:rgb(0,0,0)">(for the Blast-RADIUS team)</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:arial,sans-serif;font-size:11pt;white-space:pre-wrap;background-color:transparent;color:rgb(0,0,0)"></span></p><div style="font-family:arial,sans-serif"><a href="https://www.blastradius.fail/" style="font-family:arial,sans-serif" target="_blank" rel="noreferrer">https://www.blastradius.fail/</a></div><br><p></p></div></div>
</div></div></div>