Blast-RADIUS vulnerability in RADIUS protocol (CVE-2024-3596) allows MD5 collision attacks, compromising network security

Continue reading
The Blast-RADIUS vulnerability represents a severe authentication bypass in the Remote Authentication Dial-In User Service (RADIUS) protocol, leveraging an MD5 collision attack CVE-2024-3596.
This vulnerability allows attackers to exploit the RADIUS protocol, commonly used for network authentication in various environments, including enterprise networks, telecommunication infrastructures, and critical systems.
A team of researchers from several universities, Microsoft, and the Dutch Centrum Wiskunde & Informatica (CWI) discovered a security vulnerability.
This vulnerability allows attackers bypass authentication, giving them unauthorized access to network devices
Devices impacted by the Blast-RADIUS vulnerability include switches, routers, and other networked infrastructure components that utilize the RADIUS protocol for authentication. This encompasses a broad range of devices deployed in enterprise networks, telecommunications, and critical infrastructures.

*Illustration of the attack sequence*
The RADIUS protocol is integral to numerous applications, such as:
The Blast-RADIUS attack is primarily executed through a man-in-the-middle (MitM) approach, intercepting RADIUS traffic between a client and a server. This allows the attacker to manipulate and forge server responses.
The core of the attack is an MD5 chosen-prefix collision, which the attacker uses to generate a valid "Access-Accept" response to a failed authentication attempt. This response is then injected into the network communication, effectively bypassing the authentication mechanism without requiring brute force or password guessing.
The attack's efficiency can be significantly enhanced using hardware acceleration techniques. By employing GPUs or FPGAs, attackers can expedite the collision computation process, reducing the attack execution time from minutes to potentially seconds.
The vulnerability stems from a longstanding issue with MD5 hash collisions, first demonstrated in 2004. While MD5 vulnerabilities have been widely acknowledged, their exploitation in the context of the RADIUS protocol was not deemed feasible until now.
The Blast-RADIUS attack demonstrates the practical application of an MD5 collision in a real-world protocol, highlighting the continued relevance of legacy cryptographic weaknesses.
The proof-of-concept (PoC) for Blast-RADIUS underscores the feasibility and attack flow. It involves generating an MD5 chosen-prefix collision to forge a valid "Access-Accept" message. Below is a simplified version of the PoC.
import hashlib
def md5_collision(prefix1, prefix2, suffix):
# Placeholder function to demonstrate collision generation
collision_block1 = b"\x00" * 64
collision_block2 = b"\x01" * 64
return hashlib.md5(prefix1 + collision_block1 + suffix).hexdigest(), \
hashlib.md5(prefix2 + collision_block2 + suffix).hexdigest()
# Example usage
prefix1 = b"Access-Reject"
prefix2 = b"Access-Accept"
suffix = b"SomeRandomSuffix"
hash1, hash2 = md5_collision(prefix1, prefix2, suffix)
print(f"Hash1: {hash1}")
print(f"Hash2: {hash2}")To defend against Blast-RADIUS, network operators and system administrators should consider the following measures:
Switching to RADIUS over TLS (RADSEC) provides encryption and authentication, mitigating the risk of MitM attacks.
Implementing multihop RADIUS deployments can isolate authentication traffic from potential attackers.
Isolate RADIUS traffic from the internet using restricted-access management VLANs or secure tunneling protocols like TLS/IPsec.
Cloudflare and the CERT Coordination Center at Carnegie Mellon University are warning about this high severity vulnerability in both of their research1 & 2, urging immediate action. Alan DeKok from FreeRADIUS has explained how the attack works and how to defend against it in a detailed white paper. More details will be shared at the USENIX Security Symposium in August.
By leveraging an MD5 collision, attackers can bypass authentication mechanisms, potentially compromising vast network infrastructures.
Network operators must update their systems, audit code, and adopt modern security practices to mitigate this threat effectively.

Splunk disclosed CVE-2026-20253, a critical pre-auth RCE flaw in Splunk Enterprise (CVSS 9.8) from insecure MongoDB defaults. Patches released; upgrade to 9.1.8, 9.2.5, or 9.3.2.