- Windscribe VPN review: A flexible and free VPN
- One of my favorite foldables brings the flip phone back in the best way (and it's $200 off)
- I opened up a cheap 600W charger to test its build, and found 'goo' inside
- How to negotiate like a pro: 4 secrets to success
- One of the cheapest Android tablets I've ever tested replaced my iPad with no sweat
MD5 attack puts RADIUS networks everywhere at risk
“Prior to our work, there was no publicly-known attack exploiting MD5 to violate the integrity of the RADIUS/UDP traffic,” the researchers wrote in a blog post. “However, attacks continue to get faster, cheaper, become more widely available, and become more practical against real protocols. Protocols that we thought might be ‘secure enough,’ in spite of their reliance on outdated cryptography, tend to crack as attacks continue to improve over time.”
How Blast-RADIUS works
The RADIUS authentication, authorization, and accounting (AAA) protocol operates using a client-server model. When a user or machine tries to access a resource in a RADIUS-deployed network, they send a request with their credentials to that resource, which uses a RADIUS client to forward them to a RADIUS server for validation and authorization.
The message between the RADIUS client and server, known as an Access-Request, contains the user’s obfuscated username and password along with various other information. The server responds with Access-Reject or Access-Accept messages that contain a message authentication code (MAC) called Response Authenticator whose goal is to prove that the response came from the server and was not tampered with.
