New Blast-RADIUS attack exploits 30-year-old protocol vulnerability

Ars Technica July 9, 2024, 09:00 PM UTC

Summary: A new Blast-RADIUS attack exploits the 30-year-old RADIUS protocol's use of MD5 for authentication, affecting networks worldwide. RADIUS is crucial for VPNs, ISPs, Wi-Fi, cellular roaming, and more. Despite MD5's known vulnerabilities since 2004, RADIUS has not been updated. The attack allows adversaries to gain administrator access to devices. Security bulletins from 90 vendors are being issued with patches and long-term solutions in progress.

Full article

Article metrics
Significance6.0
Scale9.0
Magnitude8.5
Novelty7.0
Actionability6.0
Immediacy8.0
Positivity2.0
Probability9.5
Credibility7.8

Timeline:

  1. [2.8]
    Critical RADIUS protocol vulnerability, BlastRADIUS, exposes networking equipment (Help Net Security)
    6d
    Source