Trending Now

Menu
Search
Headline
Insights into Common Snapping Turtles: From Behavior to Preservation
DIY Acrylic Nails: A Step-by-Step Guide to Applying Nail Powder at Home
AMD Brings Performance Improvements for Ryzen CPUs to Windows 11 Stable Release – PC – News
The United States won gold in the team relay on the opening day of the mountain bike world championships
The United States won gold in the team relay on the opening day of the mountain bike world championships
ANWB introduces automatic shutdown function against night blocking rates – Image and sound – News
EU to investigate whether Telegram lied about user numbers – IT Pro – News
Rumor: PlayStation 5 Pro to be revealed in September, looks like a ‘Slim’ – Gaming – News
Lenovo Product Manager: Intel Still Working on Arrow Lake Halo Processor – Computer – News
Juridisch adviseur breekt met Shima Kaes om voorgestelde afkoopsom Johnny de Mol
Legal Counsel Splits From Chima Kayes Over Lump Sum Proposed By Johnny De Mol | RTL Street

Researchers Find MD5 Collision Bug in Popular Radius Authentication Protocol

Tech
Halsey Cohen

Researchers Find MD5 Collision Bug in Popular Radius Authentication Protocol

Researchers have discovered a vulnerability in the widely used Radius authentication protocol. It contains a collision bug that makes it possible to carry out a man-in-the-middle attack. This is possible because server authentication works on the MD5 hash algorithm.

Researchers call this weakness Explosion radius. This is also where the vulnerability lies: in the Remote Authentication Dial-Up User Service protocol. This is an old authentication protocol, but it is still widely used and is primarily used in business networking equipment. It is also used to establish connections in fiber optic connections or VPNs. The vulnerability is traced to CVE-2024-3596According to the researchers, all Radius applications that run over UDP are vulnerable. Several manufacturers have now released patches for this bug. The researchers recommend that administrators turn to those specific manufacturers for a solution. In addition to the researchers Description of relief.

The vulnerability is actually an MD5 collision attack, but according to the researchers, it is more sophisticated than a regular attack. Radius still uses MD5, a hashing algorithm that has not been considered secure for at least twenty years. “Although MD5 collision was first demonstrated in 2004, it does not appear possible to exploit it in the context of the Radius protocol,” the researchers wrote.

The vulnerability lies in the way Radius validates the access acceptance response when creating authentication. This is done using an MD5 hash that times out after a few minutes. As a result, a serious collision attack would not have been possible, as the attacker would need more than a few minutes to do so.

Researchers now say what is called Selected prefixCollision. This is possible because access request packets do not contain integrity checks. In their attack, the researchers demonstrated that they could prefix an access request with its prefix, making it easier to perform a collision.

In practice, the researchers say, such a collision would still take minutes to occur. They created a proof of concept where it took them three to six minutes to calculate the collision. But the researchers note that their algorithm could easily be optimized on different machines, allowing an attacker with the right resources to work tens to hundreds of times faster.

Explosion radius

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top