Jesse Viviano
Occasional Visitor
The Blast-RADIUS attack breaks the RADIUS protocol that is used in various WPA-Enterprise protocols when it runs over plain UDP by attacking the use of the broken MD5 hash within the RADIUS protocol. The website for this attack is at https://www.blastradius.fail/ . News stories that report on this attack can be found at https://arstechnica.com/security/20...ear-old-protocol-used-in-networks-everywhere/ and https://www.bleepingcomputer.com/ne...k-bypasses-widely-used-radius-authentication/ .
EDIT: While the paper at https://www.blastradius.fail/pdf/radius.pdf shows that this does not break WPA-Enterprise yet due to other parts of the WPA-Enterprise protocols keeping them secure, this could become a link in a chain of attacks to break WPA-Enterprise if other parts don't hold up.
EDIT: While the paper at https://www.blastradius.fail/pdf/radius.pdf shows that this does not break WPA-Enterprise yet due to other parts of the WPA-Enterprise protocols keeping them secure, this could become a link in a chain of attacks to break WPA-Enterprise if other parts don't hold up.
Last edited: