The BlastRADIUS vulnerability, announced July 9 by cybersecurity researchers, involves the RADIUS protocol, which underlies most network connections worldwide. When the researchers discovered this critical vulnerability, their first call was to Alan DeKok, CEO of InkBridge Networks and the foremost expert on network authentication and RADIUS.

“The BlastRADIUS vulnerability has far-reaching implications. We believe that Internet service providers, businesses, and many cloud service providers are affected by this issue. Everyone who runs enterprise or ISP networks should be concerned,” explains DeKok.

The upgrade needed to resolve this exposure is specific to each vendor of RADIUS servers. DeKok and the team at InkBridge Networks have released a new version of FreeRADIUS to address this issue, which is available at https://inkbridgenetworks.com/blastradius.

The computer networks of most companies worldwide are exposed to the BlastRADIUS vulnerability. If this vulnerability is not corrected, unauthorized users could gain access to the network at the highest levels of authority. Organizations should act swiftly to resolve this threat.

“The problem is a design flaw in the RADIUS protocol, and is not limited to equipment from one vendor. In order to address this critical security issue, network technicians will have to install a firmware upgrade and reconfigure essentially every switch, router, GGSN, BNG, and VPN concentrator around the world,” says DeKok. “We expect to see a lot of talk and activity related to RADIUS security in the next few weeks.”

  • For businesses, universities, cloud service providers and Internet service providers using RADIUS, this issue must be addressed in order to secure network access.
  • For individuals using the Internet from home, this security vulnerability must be resolved by their Internet service provider.

The vulnerability affects systems using the RADIUS protocol, a communications procedure that underpins authenticated network access. When a user logs in to a local network using a username and password, the RADIUS protocol is likely involved in that information exchange. RADIUS servers are a foundation layer for securing corporate and ISP networks.

“You lock your office doors to protect business assets, but without RADIUS authenticated users, everyone has open access to your network, and no keys are required. Talk to your IT department, network admins, system administrators and security team about protecting your data,” says DeKok. “The discovery of the BlastRADIUS issue means that network technicians need to upgrade essentially all of the devices involved in network security, identity, and authentication.”

How to fix the BlastRADIUS vulnerability

  • We have released a new version of FreeRADIUS (https://freeradius.org) to address this issue. DeKok is one of the founders of the FreeRADIUS project, the leading RADIUS server, and the product behind most cloud identity companies.
  • Firmware updates to protect networking devices against the BlastRADIUS vulnerability are available from the vendor of your networking equipment.
  • DeKok and InkBridge Networks will host a webinar on Tuesday, July 9th 2024 at 9:00 AM (EDT) to discuss the implications and solutions to BlastRADIUS. Sign up here to attend or receive the recording.
  • A second webinar will be hosted later in the day on Tuesday, July 9th 2024 at 14:00 (EDT). Sign up here to attend or receive the recording.
  • For background about the BlastRADIUS vulnerability and the solution, visit the BlastRADIUS information page at https://inkbridgenetworks.com/blastradius/faq.
  • InkBridge Networks offers documentation and an audit service that will assess a system’s exposure to BlastRADIUS and other network infrastructure issues. Review those options here: https://inkbridgenetworks.com/blastradius.

About InkBridge

InkBridge Networks engineers, supports, and installs foundational network solutions for authentication and network security. The core team at InkBridge Networks founded and continues to maintain the open-source FreeRADIUS Project, the world’s most popular RADIUS server, supporting hundreds of millions of users every day.

Formerly known as Network RADIUS, the company has an international team of network access architects and engineers with decades of experience providing complex, low-risk network solutions, including RADIUS, DHCPv4, DHCPv6, TACACS+, and DNS. InkBridge Networks provides solutions engineering, support packages, consulting, and training optimized for mid-size to large enterprises, Internet service providers and universities. InkBridge products are used by OEM vendors as the basis for nearly all available RADIUS solutions.

Jana Sedivy InkBridge Networks jana.sedivy@inkbridgenetworks.com InkBridgeNetworks.com