Articles about BlastRADIUS Attack CVE-2024-3596 (10.7.2024)

[Eyal Estrin]

RADIUS/UDP Considered Harmful

https://www.blastradius.fail/pdf/radius.pdf

RADIUS networking protocol blasted into submission through MD5-based flaw

https://www.theregister.com/2024/07/10/radius_critical_vulnerability/

BlastRADIUS Attack Exposes Critical Flaw in 30-Year-Old RADIUS Protocol

https://www.securityweek.com/blastradius-attack-exposes-critical-flaw-in-30-year-old-radius-protocol/

Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack

https://www.helpnetsecurity.com/2024/07/09/blastradius-radius-protocol-vulnerability/

Vulnerability demonstrated in RADIUS/UDP network protocol

https://www.cwi.nl/en/news/vulnerability-demonstrated-in-radiusudp-network-protocol/

RADIUS/UDP vulnerable to improved MD5 collision attack

https://blog.cloudflare.com/radius-udp-vulnerable-md5-attack

KB5040268: How to manage the Access-Request packets attack vulnerability associated with CVE-2024-3596

https://support.microsoft.com/en-us/topic/kb5040268-how-to-manage-the-access-request-packets-attack-vulnerability-associated-with-cve-2024-3596-a0e2f0b1-f200-4a7b-844f-48d1d5ab9e66

Eyal Estrin

CISSP, CCSP, CISM, CISA, CDPSE, CCSK

Blog: https://security-24-7.com  | Books: https://amzn.to/3xMI4Ak | https://bit.ly/4cyxaA6

Twitter: @eyalestrin | Mastodon: @eyale...@mastodon.social