Authors:
Sharon Goldberg, Cloudflare; Miro Haller and Nadia Heninger, UC San Diego; Mike Milano, BastionZero; Dan Shumow, Microsoft Research; Marc Stevens, Centrum Wiskunde & Informatica; Adam Suhl, UC San Diego
The Blast-RADIUS bomb logo reminded me of “Kaputt” in the original Castle Wolfenstein game
Posted by jpluimers on 2024/07/12
There is a Blast-RADIUS exploit that makes many uses of RADIUS vulnerable as they depend on MD5, and MD5 collisions have been sped up considerably. Basically only RADIUS TLS seems safe now.
The Blast-RADIUS logo on the right reminded me about using grenades in a game 40+ years old, so lets digress: Archive.org is such a great site, with for instance the original Apple ][ Manual of Castle Wolfenstein by MUSE Software (the manual is written in Super-Text which they also sold):
The PDF from [Archive] Instruction Manual: Castle Wolfenstein from Muse Software : Free Download, Borrow, and Streaming : Internet Archive is at
[Archive.org PDF view/Archive.is] archive.org/download/1982-castle-wolfenstein/1982-castle-wolfenstein.pdf
The trick in that game when entering a room full of SS-officers was to throw a grenade into a chest of grenades in the middle of that room, then quickly leaving the room, waiting a few seconds then re-entering that room.
Not many moves further, you would find the chest with the war plans and find the exit, then finish the game.
Back to Blast RADIUS
RADIUS with MD5 is broken. With TLS it is not. Expect new RADIUS releases from various manufacturers soon.
Some links:
- [Wayback/Archive] Lukasz Olejnik: “Critical vulnerability in RADIUS protocol (=everybody vulnerable) allows forging authentication messages and unauthorized network access. This flaw is due to the use of an obsolete MD5 hash function, and a novel chosen-prefix collision attack…” – Mastodon
- [Wayback/Archive] CVE – CVE-2024-3596
- [Wayback/Archive] BLAST RADIUS
- [Wayback/Archive] Cloudflare: RADIUS/UDP vulnerable to improved MD5 collision attack
- [Wayback/Archive] Royce Williams: “Cloudflare and collaborators discover fundamental RADIUS/UDP vulnerability…” – Infosec Exchange
Cloudflare and collaborators discover fundamental RADIUS/UDP vulnerability CVE-2024-3596 due to use of MD5 (“Blast-RADIUS” MitM attack). (Includes new Stevens / Heninger et al faster MD5 chosen-prefix collision attack!).
This Infosec Exchange post has replies being updated with many links (some of them are in this list because I started at the first Mastodon message and Googled from there). Be sure to watch them.
- [Wayback View PDF/View PDF] [Wayback/Archive] radius.pdf
- [Wayback/Archive] Title under embargo | USENIX
- Blast-RADIUS logo: [Wayback/Archive] 8e28e6624bfae058.png (736×313)
- [Wayback/Archive] Blast RADIUS | Inkbridge Networks offers (paid) help at various levels to investigate your RADIUS setup
More on the original Castle Wolfenstein
If you like my ADHD drift of subject, then you might like these links too:
- [Wayback/Archive] 1981 – Apple II History
- [Wayback/Archive] Castle Wolfenstein – Codex Gamicus – Humanity’s collective gaming knowledge at your fingertips.
- [Wayback/Archive] GROGNARDIA: Retrospective: Castle Wolfenstein
- [Wayback/Archive] The story of the man who made Wolfenstein – Polygon
[Wayback/Archive] 1637683-castle-wolfenstein-apple-ii-title-screen.png (563×386)
[Wayback/Archive] muse.jpg (190×85)- [Wayback/Archive] Castle Wolfenstein, PC DOS (1982) – Complete playthrough – YouTube
- [Wayback/Archive] Castle Wolfenstein (1981), Apple II – KoalaBrownie plays . . . – YouTube
--jeroen
The Wiert Corner - irregular stream of stuff 
Leave a comment