RADIUS/UDP vulnerable to improved MD5 collision attack
The MD5 cryptographic hash function, first broken in 2004, continues to be used in network protocols despite advancements in cryptography. One such protocol is RADIUS (Remote Authentication Dial-In User Service), which remains critical for remote access authentication and has been found vulnerable to an improved attack exploiting MD5's weaknesses. This post discusses the attack, its implications, and potential mitigations, including transitioning to RADIUS over TLS or requiring the Message-Authenticator attribute in all modes of RADIUS/UDP.
Company
Cloudflare
Date published
July 9, 2024
Author(s)
Sharon Goldberg, Miro Haller (Guest Author), Nadia Heninger (Guest Author), Michael Milano (Guest Author), Dan Shumow (Guest Author), Marc Stevens (Guest Author), Adam Suhl (Guest Author)
Word count
4255
Language
English
Hacker News points
36