Summary:
- A critical flaw in the 30-year-old RADIUS protocol, exploited by the BlastRADIUS attack, lets an attacker positioned between a RADIUS client and server forge the server's reply (turning an Access-Reject into an Access-Accept) without knowing the shared secret, bypassing authentication, including multi-factor authentication, and gaining unauthorized network access.
- The vulnerability (CVE-2024-3596) affects the many devices that act as RADIUS clients or servers, such as switches, routers, access points, and VPN products. Its root cause is that Access-Request packets carry no integrity protection (the Request Authenticator is random rather than keyed to the shared secret), while the Response Authenticator that protects replies is a plain MD5 hash, so an attacker can manipulate the request and use an MD5 chosen-prefix collision to make a forged reply validate.
- The fix is to require the Message-Authenticator attribute, an HMAC-MD5 keyed with the shared secret, on every Access-Request and every response. Because the server is the party that must start sending and enforcing it, all RADIUS servers must be upgraded; upgrading only the clients will not secure the network.
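The packet-level mechanics behind the points above, as an added example (not code from the original article or from any RADIUS implementation): a minimal RADIUS packet builder and verifier. It shows that an Access-Request without Message-Authenticator can be altered by an on-path attacker with nothing for the server to check, that a legacy client verifies only the unkeyed MD5 Response Authenticator, and what changes once both sides require Message-Authenticator. It does not perform the MD5 collision itself. The shared secret, Request Authenticator, identifier and attribute values are constructed test data; the codes and attribute numbers follow RFC 2865 and RFC 2869.

```python
import hashlib
import hmac
import struct

# Packet codes and attribute types from RFC 2865 / RFC 2869.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_PROXY_STATE, ATTR_MESSAGE_AUTHENTICATOR = 1, 33, 80
HEADER_LEN = 20  # Code(1) Identifier(1) Length(2) Authenticator(16)
SECRET = b"testing123"           # constructed shared secret, example only
REQUEST_AUTH = bytes(range(16))  # constructed; real clients use 16 random bytes

def encode_attrs(attrs):
    # Type(1) Length(1) Value; Length includes the 2-byte attribute header.
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)

def build_packet(code, ident, authenticator, attrs):
    body = encode_attrs(attrs)
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(body)) + authenticator + body

def parse_attrs(pkt):
    attrs, i = [], HEADER_LEN
    while i < len(pkt):
        t, l = pkt[i], pkt[i + 1]
        if l < 2 or i + l > len(pkt):
            raise ValueError("malformed attribute")
        attrs.append((t, pkt[i + 2:i + l]))
        i += l
    return attrs

def response_authenticator(code, ident, request_auth, body, secret):
    # RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    # This unkeyed MD5 is the only thing a legacy client checks on a response.
    hdr = struct.pack("!BBH", code, ident, HEADER_LEN + len(body))
    return hashlib.md5(hdr + request_auth + body + secret).digest()

def message_authenticator(code, ident, authenticator, attrs, secret):
    # RFC 2869 5.14: HMAC-MD5 keyed with the secret over the packet with the
    # attribute value zeroed. For responses, 'authenticator' is the Request Authenticator.
    zeroed = [(t, b"\x00" * 16 if t == ATTR_MESSAGE_AUTHENTICATOR else v) for t, v in attrs]
    return hmac.new(secret, build_packet(code, ident, authenticator, zeroed), hashlib.md5).digest()

def build(code, ident, request_auth, attrs, secret, with_ma):
    # Builds a request (authenticator field = random Request Authenticator)
    # or a response (authenticator field = Response Authenticator).
    if with_ma:
        attrs = list(attrs) + [(ATTR_MESSAGE_AUTHENTICATOR, b"\x00" * 16)]
        attrs[-1] = (ATTR_MESSAGE_AUTHENTICATOR, message_authenticator(code, ident, request_auth, attrs, secret))
    body = encode_attrs(attrs)
    auth = request_auth if code == ACCESS_REQUEST else response_authenticator(code, ident, request_auth, body, secret)
    return build_packet(code, ident, auth, attrs)

def check_message_authenticator(pkt, request_auth, secret, require):
    # Shared by a server checking requests and a client checking responses.
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        return False
    attrs = parse_attrs(pkt)
    mas = [v for t, v in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if not mas:
        return not require  # legacy behaviour: a missing attribute is silently accepted
    if len(mas) != 1:
        return False
    return hmac.compare_digest(mas[0], message_authenticator(code, ident, request_auth, attrs, secret))

def verify_request(req, secret, require_ma):
    # The Request Authenticator is random, so without Message-Authenticator
    # nothing in an Access-Request is bound to the shared secret.
    return check_message_authenticator(req, req[4:20], secret, require_ma)

def verify_response(resp, request_auth, secret, require_ma):
    code, ident, _ = struct.unpack("!BBH", resp[:4])
    if resp[4:20] != response_authenticator(code, ident, request_auth, resp[HEADER_LEN:], secret):
        return False
    return check_message_authenticator(resp, request_auth, secret, require_ma)

def tamper(pkt, extra_attr):
    # On-path attacker appends an attribute (Proxy-State, which the server
    # echoes into its response) and fixes up Length. No secret is needed.
    return build_packet(pkt[0], pkt[1], pkt[4:20], parse_attrs(pkt) + [extra_attr])

def demo():
    user = [(ATTR_USER_NAME, b"alice")]
    evil = (ATTR_PROXY_STATE, b"attacker-chosen bytes")  # constructed
    legacy_req = build(ACCESS_REQUEST, 7, REQUEST_AUTH, user, SECRET, with_ma=False)
    patched_req = build(ACCESS_REQUEST, 7, REQUEST_AUTH, user, SECRET, with_ma=True)
    reject_plain = build(ACCESS_REJECT, 7, REQUEST_AUTH, [], SECRET, with_ma=False)
    reject_signed = build(ACCESS_REJECT, 7, REQUEST_AUTH, [], SECRET, with_ma=True)
    return {
        "legacy server accepts tampered request": verify_request(tamper(legacy_req, evil), SECRET, False),
        "patched server rejects tampered request": not verify_request(tamper(patched_req, evil), SECRET, True),
        "patched server accepts clean request": verify_request(patched_req, SECRET, True),
        "legacy client accepts response lacking MA": verify_response(reject_plain, REQUEST_AUTH, SECRET, False),
        "patched client rejects response lacking MA": not verify_response(reject_plain, REQUEST_AUTH, SECRET, True),
        "patched client accepts signed response": verify_response(reject_signed, REQUEST_AUTH, SECRET, True),
    }
```

`demo()` returns a dictionary in which every entry is True. The "patched client rejects response lacking MA" entry is also the reason for the deployment order in the last bullet: a client that requires Message-Authenticator while its server still sends none will refuse every legitimate reply, so the servers must send (and require) the attribute before the clients are made to enforce it.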