Blast RADIUS: A Critical Security Vulnerability

Tuesday, July 9th 2024 - 2:00 PM (EDT)

Past event

BlastRADIUS is a thirty year-old design flaw in the RADIUS protocol.  Exploiting the vulnerability allows an attacker to authenticate anyone to your local network:

  • • Any Multi-Factor Authentication (MFA) can be bypassed
  • • Unknown users can be given network access
  • • Unknown users can be granted administrative login to key networking equipment
  • • Known users can have their traffic redirected to a “honeypot”

BlastRADIUS has a CVSS score of 9.0, which is extremely high

Alan DeKok will explain what BlastRADIUS is, who is at risk, and how to protect yourself.

The audience for this webinar is implementers, system administrators, and people generally familiar with RADIUS.

Alan DeKok first signaled the alert for this security flaw in 1998, and wrote an RFC for the IETF with a proposal to address it in 2007. After the exploit was developed by Nadia’s team, all RADIUS vendors have followed our vendor guide to update their products. The RADIUS standards will be updated based on the RFC document Alan DeKok authored for the IETF.

See the InkBridge Networks BlastRADIUS resource page.

Alan Dekok headshot

Subscribe to InkBridge Networks
News & Updates

Alan DeKok
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.