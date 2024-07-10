InkBridge, a security vendor, has published the discovery of a thirty-year-old design flaw in the RADIUS protocol. The flaw was discovered by researchers from a variety of institutions and companies including Microsoft Research. InkBridge is calling the vulnerability the BlastRADIUS attack, and warns that many networks, internet service providers, and telecommunications companies are at risk. Essentially, “some Access-Request packets are not authenticated and lack integrity checks.” This allows an attacker to control who can access a network, bypassing multi-factor authentication. InkBridge’s recommendation is that every single RADIUS server across the globe should be updated to address the flaw. There is no evidence that the vulnerability is currently being exploited, and such an attack would be very costly. However, these costs would be minuscule for nation-states looking to target users.

