New attack against the RADIUS authentication protocol:

The Blast-RADIUS attack allows a man-in-the-middle attacker between the RADIUS client and server to forge a valid protocol accept message in response to a failed authentication request. This forgery could give the attacker access to network devices and services without the attacker guessing or brute forcing passwords or shared secrets. The attacker does not learn user credentials.

This is one of those vulnerabilities that comes with a cool name, its own website, and a logo.

News article. Research paper.
