Blast RADIUS attack can bypass authentication for clients


University and Big Tech cybersecurity experts have uncovered a vulnerability in a common client-server networking protocol that allows snoopers to potentially bypass user authentication via man-in-the-middle (MITM) attacks.


If the vulnerability, rated 7.5 out of 10 on the CVSS scale and tracked as CVE-2024-3596, is exploited (and it's not that easy to fix), attackers could theoretically access network devices and services without having to obtain any credentials. In practice, an attacker has to MITM someone's network traffic and perform some quick hash-cracking.

The flaw was dubbed Blast RADIUS by researchers at Cloudflare, Microsoft, UC San Diego, CWI Amsterdam and BastionZero, so you can probably guess that it affects the RADIUS network protocol. Essentially, the flaw allows someone without proper credentials to log into a client device that relies on a remote RADIUS server to perform the authentication check.

If you're wondering how this affects you, the team notes that:
