Blast-RADIUS is an attack on RADIUS servers in which a man-in-the-middle forges a response packet. The attacker injects a Proxy-State attribute containing MD5 collision data into the Access-Request; because the server echoes Proxy-State back unchanged, the resulting Access-Reject can be rewritten as an Access-Accept whose Response Authenticator still verifies. The plan is to have the bogus credentials rejected and then present the forged acceptance, gaining access to whatever customer or network sits behind the server, the more valuable the better.
Other, more trusting servers behave as oracles for the existence of a customer: their differing error behaviour tells the attacker whether an attempt succeeded or failed.
The AXL RADIUS Server includes a security code in its Proxy-State attribute, which the attack's collision data wipes out. When a packet arrives with the malformed Proxy-State, the AXL RADIUS Server drops it, foiling the attack.
The server was hardened again, against what is now called Blast-RADIUS, in September 2001 when it implemented the Message-Authenticator attribute. Virtually no server administrators enabled the Message-Authenticator (MA), since for years hardly any clients or servers implemented it, let alone mandated its use.
Inclusion of the Message-Authenticator has become more common as more servers use EAP-Message attributes (which require the MA), but its use in non-EAP packets is still limited. The AXL RADIUS Server can enforce the MA for all clients, but client administrators rarely mandate it, mostly because of the limited interest in adding the MA to every authentication and Status-Server packet. Older servers and clients that do not support the MA abound.
Accounting packets cannot carry a proper MA at all. Cisco® introduced an MA variant that covers only the attribute section of the packet, which is hardly a whole-message authenticator; it may work, but it is not widely used outside Cisco® equipment.
Blast-RADIUS overwrites the leading attributes, clobbering the MA, which is recommended to be the first attribute. If MAs are mandated for all packets, a compliant server drops any packet whose MA is missing or fails to verify.
Although the Message-Authenticator is still poorly adopted, an additional protection, the Proxy-State attribute signature, was introduced in October 1999 during initial coding. A random prefix signature is prepended to legitimate AXL RADIUS Proxy-State data. When a packet with one or more Proxy-State attributes is received, the AXL RADIUS Server checks that at least one Proxy-State carries the signature.
Its original purpose was to locate our own Proxy-State when the list arrived out of order, and to drop the packet if no Proxy-State belonging to the local server was found.
If the signature is not found, no further processing takes place. Proxy-State data injected by Blast-RADIUS is highly unlikely to reproduce the signature format by accident in the collision data it places in the Proxy-State attribute(s). Since the prefix signature is missing, the packet is silently dropped, thwarting the rest of the attack, whether that is logging in with fake credentials or supplying fake accounting information. This applies to any packet type carrying a Proxy-State.
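As an added worked example (not AXL's code), here are the two checks described above, the RFC 2869 Message-Authenticator and a signature prefix on Proxy-State, written in Python over hand-built RADIUS packets. The signature value, the rule that packets carrying no Proxy-State at all pass, the shared secret and the sample packets are all constructed for the example. The real server's signature is a random value; the check only helps while that value stays unpredictable to the attacker, which the example assumes.

```python
"""Constructed example: the two server-side checks described above, in plain
Python over hand-built RADIUS packets (RFC 2865 layout, RFC 2869 MA)."""
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_PROXY_STATE, ATTR_MESSAGE_AUTHENTICATOR = 1, 33, 80
HEADER_LEN = 20  # code(1) id(1) length(2) authenticator(16)
# Hypothetical local signature; a real server would use a random, secret value.
LOCAL_PROXY_STATE_SIG = b"AXLSIG:"


def encode_attributes(attrs):
    out = bytearray()
    for atype, value in attrs:
        if len(value) > 253:
            raise ValueError("attribute value too long")
        out += bytes((atype, len(value) + 2)) + value
    return bytes(out)


def parse_attributes(packet):
    """Walk the TLV section, refusing any length field that lies."""
    if len(packet) < HEADER_LEN or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("length field disagrees with packet")
    attrs, pos = [], HEADER_LEN
    while pos < len(packet):
        if pos + 2 > len(packet) or packet[pos + 1] < 2 or pos + packet[pos + 1] > len(packet):
            raise ValueError("bad attribute length")
        attrs.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return attrs


def build_packet(code, ident, authenticator, attrs, secret=None, request_authenticator=None):
    """Assemble a packet; with a secret, append a Message-Authenticator: HMAC-MD5 over
    the packet with that attribute zeroed and the Request Authenticator in the header."""
    body = encode_attributes(attrs)
    if secret is not None:
        body += encode_attributes([(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))])
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(body))
    packet = bytearray(header + authenticator + body)
    if secret is not None:
        ra = request_authenticator or authenticator
        packet[-16:] = hmac.new(secret, header + ra + body, hashlib.md5).digest()
    return bytes(packet)


def build_response(code, ident, request_authenticator, attrs, secret):
    """Response: MA first (RFC 2869), then the MD5 Response Authenticator of RFC 2865."""
    pkt = bytearray(build_packet(code, ident, request_authenticator, attrs, secret, request_authenticator))
    pkt[4:20] = hashlib.md5(bytes(pkt[:4]) + request_authenticator + bytes(pkt[20:]) + secret).digest()
    return bytes(pkt)


def verify_message_authenticator(packet, secret, request_authenticator):
    """True only if exactly one 16-byte Message-Authenticator is present and verifies."""
    attrs = parse_attributes(packet)
    mas = [v for t, v in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if len(mas) != 1 or len(mas[0]) != 16:
        return False
    zeroed = encode_attributes([(t, bytes(16) if t == ATTR_MESSAGE_AUTHENTICATOR else v) for t, v in attrs])
    expected = hmac.new(secret, packet[:4] + request_authenticator + zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, mas[0])


def verify_response_authenticator(packet, secret, request_authenticator):
    expected = hashlib.md5(packet[:4] + request_authenticator + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def proxy_state_ok(packet, signature=LOCAL_PROXY_STATE_SIG):
    """The page's rule: a packet carrying Proxy-State is processed only if at least one
    Proxy-State starts with the local signature. Packets with no Proxy-State pass (assumption)."""
    states = [v for t, v in parse_attributes(packet) if t == ATTR_PROXY_STATE]
    return not states or any(v.startswith(signature) for v in states)


def request_verdict(packet, secret, require_ma=True):
    """Order matters: the cheap Proxy-State check runs before any HMAC work."""
    try:
        if not proxy_state_ok(packet):
            return "drop: no Proxy-State with local signature"
        if require_ma and not verify_message_authenticator(packet, secret, packet[4:20]):
            return "drop: Message-Authenticator missing or invalid"
    except ValueError as exc:
        return f"drop: malformed ({exc})"
    return "process"


def response_verdict(packet, secret, request_authenticator):
    """Both checks a client or proxy should run on an Access-Accept/Reject."""
    return (verify_response_authenticator(packet, secret, request_authenticator),
            verify_message_authenticator(packet, secret, request_authenticator))


if __name__ == "__main__":
    secret, req_auth = b"s3cret", bytes(range(16))  # constructed values
    legit = build_packet(ACCESS_REQUEST, 7, req_auth,
                         [(ATTR_USER_NAME, b"alice"), (ATTR_PROXY_STATE, LOCAL_PROXY_STATE_SIG + b"hop1")], secret)
    # Attacker-style request: Proxy-State full of collision-looking bytes, no MA.
    forged_req = build_packet(ACCESS_REQUEST, 8, req_auth, [(ATTR_USER_NAME, b"alice"), (ATTR_PROXY_STATE, bytes(64))])
    print(request_verdict(legit, secret), "|", request_verdict(forged_req, secret))
    reject = build_response(ACCESS_REJECT, 7, req_auth, [(ATTR_PROXY_STATE, LOCAL_PROXY_STATE_SIG + b"hop1")], secret)
    forged_accept = bytes([ACCESS_ACCEPT]) + reject[1:]  # code flipped, everything else kept
    # Without a real MD5 collision both checks fail; with one, only the MA check would.
    print(response_verdict(reject, secret, req_auth), response_verdict(forged_accept, secret, req_auth))
```

The response half of the demo flips the code on a genuine Access-Reject; here both the Response Authenticator and the MA fail because no collision was computed. The point of the page is the other case: a chosen-prefix collision makes the plain MD5 Response Authenticator pass, and it is then only the HMAC-keyed MA (on the response) and the signature check on the echoed Proxy-State (on the request) that still stop the forgery.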
More information can be found here:
RADIUS protocol susceptible to forgery attacks.
and, if you want to get into the weeds, in the technical paper.