New Vulnerability Affects RADIUS Networking Protocol
Cybersecurity researchers have disclosed a vulnerability in the commonly used RADIUS networking protocol, which “allows a man-in-the-middle attacker between the RADIUS client and server to forge a valid protocol accept message in response to a failed authentication request.”
The Remote Authentication Dial-In User Service (RADIUS) protocol, which was developed in the 1990s and is still widely used to authenticate access to switches and other routing infrastructure.
The Blast-RADIUS vulnerability, which is rated 7.5 out of 10 on the CVSS severity scale, could allow attackers to access network devices and services without obtaining any credentials.
“System administrators of networks using RADIUS should check with vendors for a patch against this vulnerability, and follow best practices for RADIUS configuration,” the Blast-RADIUS website says.
Read more at the Blast-RADIUS website.
Related content
-
Microsoft Network Policy Server
Redmond's RADIUS implementation connects systems and provides secure authorization and logging. -
FreeRADIUS for WiFi Hotspots
Tired of contending with shared passwords for wireless networks? Use WPA Enterprise and a FreeRADIUS server to set up a user password solution for wireless users.
-
FreeRADIUS for WiFi hotspots
Tired of contending with shared passwords for wireless networks? Use WPA Enterprise and a FreeRADIUS server to set up a user password solution for wireless users. - Windows Update Causes Authentication Failures
-
Link Encryption with MACsec
MACsec encrypts defined links with high performance and secures Layer 2 protocols between client and switch or between two switches.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
