Security Advisories


  • CERT: "RADIUS protocol susceptible to forgery attacks. Vulnerability Note VU#456537"
  • CVE-2024-3596
  • NIST National Vulnerability Database: "CVE-2024-3596"
  • Centre for Cybersecurity Belgium: "WARNING: A HIGH SEVERITY VULNERABILITY IS AFFECTING THE RADIUS PROTOCOL"
  • Canadian Centre for Cyber Security: "Alert - RADIUS Protocol Susceptible to Forgery Attacks"
  • InkBridge Networks: "Blast RADIUS Resource Hub"
  • Microsoft: "KB5040268: How to manage the Access-Request packets attack vulnerability associated with CVE-2024-3596"
  • Siemens: "RADIUS Advisory and the benefits of ProductCERT’s improved formats"
  • Eduroam: "eduroam response to the Blast!RADIUS vulnerability"
  • Amazon Linux Security Center: "CVE-2024-3596"
  • Radiator Software: "Security Notice: BlastRADIUS protocol vulnerability (CVE-2024-3596) fixed in Radiator v4.29"
  • Palo Alto Networks Security Advisories: "CVE-2024-3596 PAN-OS: CHAP and PAP When Used with RADIUS Authentication Lead to Privilege Escalation"
  • SUSE: "Security update for freeradius-server"
  • LoginTC: "Blast-RADIUS Vulnerability: How to protect your organization"
  • Arista Networks: "Security Advisory 0101"

Media Coverage


  • Ars Technica: "New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere"
  • Cloudflare: "RADIUS/UDP vulnerable to improved MD5 collision attack"
  • Bleeping Computer: "New Blast-RADIUS attack bypasses widely-used RADIUS authentication"
  • The Register: "RADIUS networking protocol blasted into submission through MD5-based flaw"
  • CWI News: "Vulnerability demonstrated in RADIUS/UDP network protocol"
  • Security Boulevard: "'Blast-RADIUS' Critical Bug Blows Up IT Vacation Plans"
  • CSO: "MD5 attack puts RADIUS networks everywhere at risk"

Last updated on Jul 26, 2024