The “secure enough” RADIUS/UDP authentication protocol may have finally met its match, and organizations that have continued to rely on RADIUS to authenticate networked devices over UDP and TCP despite its reliance on outdated cryptography are urged to take immediate action to secure their networks.
The protocol, which dates back to the early 1990s, remains widely used for network access control and authentication to switches, routers, and other networked devices. It is also used for authentication on Wi-Fi networks as well as by some ISPs to authenticate clients for DSL and fiber-to-the-home (FTTH) connections. And now, as has been proved by a team of researchers, attackers can exploit an inherent vulnerability in RADIUS to spoof authentication to network devices and potentially gain administrative control over them.
Continue reading on CSOonline.com.
Source:: Network World