MD5 attacks put RADIUS networks everywhere at risk

“Prior to our work, there were no publicly known attacks exploiting MD5 to break the integrity of RADIUS/UDP traffic,” the researchers wrote in a blog post. “However, attacks continue to be fast, cheap, widely available, and exploitable compared to real protocols. Protocols that we thought might be ‘secure enough,’ despite their reliance on outdated encryption, are often cracked as attacks continue to improve over time.”

How Blast-RADIUS works

The RADIUS authentication, authorization, and accounting (AAA) protocol operates using a client-server model. When a user or machine tries to access a resource on a RADIUS-enabled network, it sends a request and its credentials to that resource, which acts as the RADIUS client and forwards them to the RADIUS server for authentication and authorization.

The message the RADIUS client sends to the server, known as an Access-Request, contains an encrypted username and password and various other information. The server responds with an Access-Reject or Access-Accept message that carries a message authentication code (MAC) called a Response Validator, whose purpose is to ensure that the response originated from the server and was not tampered with.
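To make the integrity check described above concrete, here is an added example (not code from the article or from the Blast-RADIUS researchers): a server builds an Access-Accept with the MD5-based Response Authenticator exactly as RFC 2865 defines it, and a client verifies it, together with the separate Message-Authenticator attribute (HMAC-MD5, RFC 2869) that a client can require in addition. The shared secret, Request Authenticator and User-Name are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
USER_NAME, MESSAGE_AUTHENTICATOR = 1, 80  # attribute types (RFC 2865, RFC 2869)
SECRET, REQUEST_AUTH = b"constructed-shared-secret", bytes(range(16))  # constructed sample values

def attr(atype: int, value: bytes) -> bytes:  # Type, Length (incl. 2-byte header), Value
    return struct.pack("!BB", atype, len(value) + 2) + value

def parse_attrs(attrs: bytes):
    """Yield (type, value) pairs; reject malformed lengths so the loop cannot stall."""
    i = 0
    while i < len(attrs):
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("malformed RADIUS attribute")
        yield atype, attrs[i + 2:i + alen]
        i += alen

def zero_message_authenticator(attrs: bytes) -> bytes:
    """HMAC input form: the Message-Authenticator value is treated as 16 zero bytes."""
    return b"".join(attr(t, bytes(16) if t == MESSAGE_AUTHENTICATOR else v)
                    for t, v in parse_attrs(attrs))

def build_accept(ident: int, request_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    """Server side: append Message-Authenticator (HMAC-MD5), then set the MD5 Response Authenticator."""
    zeroed = attrs + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(zeroed))
    mac = hmac.new(secret, header + request_auth + zeroed, hashlib.md5).digest()
    signed = attrs + attr(MESSAGE_AUTHENTICATOR, mac)
    resp_auth = hashlib.md5(header + request_auth + signed + secret).digest()
    return header + resp_auth + signed

def verify_response(response: bytes, request_auth: bytes, secret: bytes) -> dict:
    """Client side: check both integrity fields of an Access-Accept/Reject."""
    if len(response) < 20 or struct.unpack("!H", response[2:4])[0] != len(response):
        raise ValueError("bad RADIUS length field")
    header, resp_auth, attrs = response[:4], response[4:20], response[20:]
    md5_ok = hmac.compare_digest(
        resp_auth, hashlib.md5(header + request_auth + attrs + secret).digest())
    mac = hmac.new(secret, header + request_auth + zero_message_authenticator(attrs),
                   hashlib.md5).digest()
    ma_ok = any(t == MESSAGE_AUTHENTICATOR and hmac.compare_digest(v, mac)
                for t, v in parse_attrs(attrs))  # absent attribute counts as a failure
    return {"response_authenticator": md5_ok, "message_authenticator": ma_ok}

if __name__ == "__main__":
    accept = build_accept(7, REQUEST_AUTH, attr(USER_NAME, b"alice"), SECRET)
    print(verify_response(accept, REQUEST_AUTH, SECRET))
```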
