“Prior to our work, there was no publicly-known attack exploiting MD5 to violate the integrity of the RADIUS/UDP traffic,” the researchers wrote in a blog post. “However, attacks continue to get faster, cheaper, become more widely available, and become more practical against real protocols. Protocols that we thought might be ‘secure enough,’ in spite of their reliance on outdated cryptography, tend to crack as attacks continue to improve over time.”

How Blast-RADIUS works

The RADIUS authentication, authorization, and accounting (AAA) protocol operates using a client-server model. When a user or machine tries to access a resource in a RADIUS-deployed network, they send a request with their credentials to that resource, which uses a RADIUS client to forward them to a RADIUS server for validation and authorization.

The message between the RADIUS client and server, known as an Access-Request, contains the user’s obfuscated username and password along with various other information. The server responds with Access-Reject or Access-Accept messages that contain a message authentication code (MAC) called Response Authenticator whose goal is to prove that the response came from the server and was not tampered with.