RADIUS Vulnerabilities

written by: Krelle Xijao; article published: year 2007, month 05;


In: Categories » Electronics and communication » Protocols » RADIUS Vulnerabilities

RADIUS is known to have a set of weaknesses that are either presented in the protocol itself or caused by poor client implementation. The stateless UDP protocol itself allows easier packet forging and spoofing. The vulnerabilities shown in this section do not represent a complete list of protocol issues and are shown to highlight several methods of circumventing user authentication. Attacks can be summarized into the following categories:

  • Brute-forcing of user credentials

  • Denial of services

  • Session replay

  • Spoofed packet injection

Response Authenticator Attack

The Response Authenticator is primarily an MD5-based hash. If an attacker observes a valid Access-Request, Access-Accept, or Access-Reject packet sequence, he or she can launch an exhaustive offline attack on the shared secret. An attacker can compute the MD5 hash for (Code+ID+Length+RequestAuth+Attributes), as the majority of compiling parts of the Authenticator are known, and then resume it for each shared secret guess.

Password Attribute-Based Shared Secret Attack

Because of the way the User/Password credentials are protected, attackers can gain information about the shared secret if they can monitor authentication attempts. Assuming that the cracker can attempt to authenticate with a known password and then capture the resulting Access-Request packet, he or she can XOR the protected portion of the User-Password attribute with the password they provided to the client. As the Request Authenticator is known and can be found in the client's Access-Request packet, the attacker can launch an offline brute-force attack against the shared secret.

User Password-Based Attack

This is similar to the previous attack: By knowing the shared secret the attacker can successfully enumerate the user password by modifying and replaying the modified Access-Request packets. Additionally, if the server does not enforce the user-based authentication limits, this will allow the attacker to efficiently perform an exhaustive online search for the correct user password. Always remember that a strong data authentication scheme in the Access-Request packet will make this attack almost impossible.

Request Authenticator-Based Attacks

RADIUS packet security depends on the formation of the Request Authenticator field. Thus, the Request Authenticator must be unique and nonpredictable for RADIUS to be secure. However, the protocol specifications do not emphasize the importance of Authenticator generation and create a large number of implementations that sometimes lead to a poorly generated Request Authenticator. If the client uses a PRNG that repeats values or has a short cycle, this can make the protocol ineffective in the provision of a desired level of security.

Replay of Server Responses

The attacker can generate a database of Request Authenticators, identifiers, and associated server responses by periodically sniffing and intercepting the server/client traffic. When the cracker sees a request that uses a Request Authenticator matching the database entries, he or she can masquerade as the server and replay the previously observed server response. Additionally, an attacker can replay the valid-looking Access-Accept server response and successfully authenticate to the client without valid credentials.

Shared Secret Issues

The RADIUS standard permits the use of the same shared secret by many clients. This methodology is insecure, as it allows any flawed client to compromise many machines. We advise you to carefully choose the shared secret values for each of the clients and make it a nondictionary value that is difficult to guess, while preserving physical security of the client devices.

legal disclaimer

1) Our website is not responsible for the information contained by this article as well for any and all copyright infringements by authors and writers. E-articles is a free information resource. If you suspect this article for any copyright infringements, please read the Terms of service and contact us to investigate the problem.
2) The E-articles directory team is not responsible for inaccuracies, falsehoods, or any other types of misinformation this tutorial may contain and will not be liable for any loss or damage suffered by a user through the user's reliance on the information gained here. Please read the Terms of service

Useful tools and features

Translate this article to...    Send this article to you or to a friend

Link to this article from your page   
If you like this article (tutorial), please link to it from your web page using the information above. Linking to this page, this is the only way to help us improve our service, the same time providing your visitors with a way to improve their online experience.

related articles

1. Detecting Unauthorized 802.11 Cards and Access Points
The first goal is detection. Can we tell when someone powers on a card within range of the local network? This can be done with off-the-shelf components and free software. The Cisco Aironet driver included with the more recent Linux kernels supports "RF Monitor" mode, which permits promiscuous monitoring of 802.11 packets - specifically, monitoring raw 802.11 frames to detect if there are any telltale frames broadcast by a rogue access point or card. As outlined in the original 802.11 specification, ther...

2. The HTTP Request and Response Codes
The HTTP protocol can be likened to a conversation based on a series of questions and answers, which we refer to respectively as HTTP requests and HTTP responses. The contents of HTTP requests and responses are easy to read and understand, being near to plain English in their syntax. This section examines the structure of these requests and responses, along with a few examples of the sorts of data they may contain. The HTTP Request After opening a connection to the intended serv...

3. INFRASTRUCTURE PROTOCOLS AND APPLICATIONS
H.323 H.323 defines packet standards for terminal equipment and services for multimedia communications over local and wide area  networks  communicating  with  systems  connected  to telephony networks such as ISDN. The initial version of this standard  came from the International Telecommunications Union (ITU) in June 1996. It  defines  communication over IP-based local area networks (LANs). A later version (v2), adopted in January 1998, extended it over wide are...

4. Wireless IN Services
The IN protocols and concepts can be used to implement enhanced wireless services rapidly and to have these services available across serving areas in an untethered wireless network. Some of these services are listed below: Voice-Based User Identification. This service employs a form of automatic speech recognition to validate the identity of the speaker. Access to services can then be restricted to the user whose voice (phrase) has been used to train the recognition device. Voice-Based Featur...

5. Wireless LAN and Personal Area Network
The Wireless Internet is not just wireless communications across town or the country. It is also local—sometimes in a home or office building. Wireless LANs are just becoming popular with economically  priced  wireless  Ethernet  equipment.  Standards such as IEEE 802.11, HiperLAN2, and Home RF are leading the way to untethered communications in-building or outside over small areas. Another important development is the Personal Area Network, also known as Bluetooth. Let’s take a look at each of th...

6. The Domain Concept
The solution to all of these problems is the network domain. In a domain, you only have a single name and password, which gets you into every shared PC and printer on the network. Everyone's account information resides on a central computer called a domain controllera computer so important, it's usually locked away in a closet or a data-center room. A domain controller keeps track of who is allowed to log on, who is logged on, and what each person is allowed to do on the network. When you log onto the domain with your PC,...

7. Duplexing Techniques in Wireless communication systems
Wireless communication systems have evolved through several stages of multiple-access control. The foremost controllable resource has always been the frequency spectrum. Other resources such as time, code, and space were initially manipulated in a very precarious and, therefore, ineffective manner. The early systems operated in the simplex mode in the forward link. Halfduplex systems soon appeared, in which forward link and reverse link shared the same channel. Access control was performed on a push-to-talk basis wit...

8. Wireless Networks (WiFi or 802.11)
Millions of people, have embraced the flexibility of a networking system that involves no wires at alla cordless networking technology called WiFi or 802.11 ("eight-oh-two dot eleven"). (Your Macintosh friends probably call the same thing AirPort, because that's what Apple calls it.) To get onto a wireless network, your PC needs a WiFi transmitter. Almost every laptop sold today has WiFi built in. You can also add it to a desktop in the form of a wireless card or USB adapter; either way, you gain a little antenna. Once...

9. VPN and Tunneling Protocols
Let us discuss the most common and widely used real-world VPN protocols. The growing number of users, the ease of accessibility, and the reduced cost of the Internet connection have introduced a greater need for cost-effective and secure communications without purchase of leased lines. Many companies participated in the development that resulted in the creation of different VPN standards and protocols. We discuss the most common ones here. IPSec IPSec is the most widely acknowledged, supported, and standardize...