New Vulnerability Affects RADIUS Networking Protocol
Cybersecurity researchers have disclosed a vulnerability in the commonly used RADIUS networking protocol, which “allows a man-in-the-middle attacker between the RADIUS client and server to forge a valid protocol accept message in response to a failed authentication request.”
The Remote Authentication Dial-In User Service (RADIUS) protocol was developed in the 1990s and is still widely used to authenticate access to switches and other routing infrastructure.
The Blast-RADIUS vulnerability, which is rated 7.5 out of 10 on the CVSS severity scale, could allow attackers to access network devices and services without obtaining any credentials.
“System administrators of networks using RADIUS should check with vendors for a patch against this vulnerability, and follow best practices for RADIUS configuration,” the Blast-RADIUS website says.
Read more at the Blast-RADIUS website.