The recent discovery of the Blast-RADIUS vulnerability (CVE-2024-3596) poses a significant risk to networks worldwide. This flaw in the RADIUS authentication protocol can be exploited by attackers to gain unauthorized access, launch denial-of-service attacks, and steal sensitive data.
How Blast-RADIUS works
Attackers can manipulate RADIUS authentication packets to intercept and modify user credentials, forge authentication tokens, or overload the RADIUS server. This allows them to bypass security controls and gain unauthorized access to network resources.
Green Rocket Security mitigates the Blast-RADIUS threat in a GreenRADIUS update
GreenRADIUS update v5.2.9.9 is now available to mitigate Blast-RADIUS.
The updated version allows administrators to enforce validation of the client Message-Authenticator attribute for each RADIUS client configured in GreenRADIUS (the option is disabled by default). This adds a layer of protection by verifying the integrity of authentication packets.
By upgrading to GreenRADIUS v5.2.9.9 (and later) and enabling the check on the Message-Authenticator attribute in RADIUS client configurations, organizations can mitigate the risk of a Blast-RADIUS attack and protect their valuable network resources.
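The kind of check described above, sketched as an added example (this is not GreenRADIUS code): an enforcing validation of the Message-Authenticator attribute on an incoming Access-Request, computed as HMAC-MD5 over the packet with the attribute value zeroed, as RFC 2869 defines it. The function names, the shared secret and the sample packet builder are constructed for illustration.

```python
import hashlib
import hmac
import struct

MESSAGE_AUTHENTICATOR = 80  # RADIUS attribute type (RFC 2869)

def find_message_authenticator(packet: bytes):
    """Return the offset of the 16-octet Message-Authenticator value, or None."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        if atype == MESSAGE_AUTHENTICATOR:
            if alen != 18:
                raise ValueError("Message-Authenticator must be 18 octets")
            return pos + 2
        pos += alen
    return None

def validate_request(packet: bytes, secret: bytes) -> bool:
    """Enforcing check: accept only if the attribute is present and correct."""
    try:
        off = find_message_authenticator(packet)
    except ValueError:
        return False
    if off is None:
        return False  # enforcement on: unsigned requests are rejected
    length = struct.unpack("!H", packet[2:4])[0]
    # HMAC-MD5 over the whole packet with the attribute value zeroed
    zeroed = packet[:off] + bytes(16) + packet[off + 16:length]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, packet[off:off + 16])

def build_access_request(secret: bytes, user: bytes, signed: bool = True) -> bytes:
    """Constructed sample Access-Request (code 1, id 42) for the demo."""
    attrs = bytes([1, 2 + len(user)]) + user  # User-Name
    if signed:
        attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    pkt = struct.pack("!BBH", 1, 42, 20 + len(attrs)) + bytes(range(16)) + attrs
    if signed:
        pkt = pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt
```

With enforcement on, a request that lacks the attribute is rejected just like one whose attribute does not verify, so a RADIUS client that does not send Message-Authenticator will stop authenticating until it is updated or reconfigured.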