# Blast-RADIUS Vulnerability

## What is this about?

Earlier this year, a group of RADIUS experts identified a vulnerability in the RADIUS protocol. Hackers can exploit this vulnerability to gain access to networks protected by RADIUS systems.

For more information about this vulnerability, visit <https://www.blastradius.fail/>. The site also hosts a comprehensive background paper titled "RADIUS/UDP Considered Harmful".

The vulnerability is also documented as [CVE-2024-3596](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3596):

> RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

## Is RADIUSaaS affected?

{% hint style="success" %}
RADIUSaaS is not affected by the Blast-RADIUS vulnerability.
{% endhint %}

RADIUSaaS only supports EAP-based authentication protocols. If EAP is properly implemented in all components of your infrastructure, the mechanism described in this vulnerability will not be effective.

## Since RADIUSaaS is not affected, is my whole environment OK?

It is important that all components in your environment have proper implementations. We recommend that you check with your network equipment vendor to ensure that they have updated their systems, if needed.


