VU#456537: RADIUS protocol susceptible to forgery attacks.
RADIUS, a widely used authentication protocol, has a vulnerability allowing attackers to forge authentication responses. The flaw stems from a weak integrity check in response validation. Attackers can modify valid responses, including those that reject access, to grant access without knowing the shared secret. This attack is possible because part of the hashed text used for verification is predictable. However, RADIUS servers using Extensible Authentication Protocol (EAP) or TLS encryption are unaffected. To mitigate the risk, manufacturers and operators should update RADIUS software and configurations to enforce message authentication or use TLS/DTLS encryption. Network operators should isolate and secure RADIUS protocol communications. Researchers and industry experts collaborated on this disclosure to reach multiple vendors and stakeholders.