研究發現RADIUS協定可讓駭客發動MitM攻擊
支付動態 · 2024-07-11
微軟、Cloudflare及加州大學聖地牙哥分校的研究人員聯合揭露編號CVE-2024-3596的Blast RADIUS漏洞,可導致RADIUS通訊協定被攻擊者用來發動中間人(MitM)攻擊
_Cloudflare
這項漏洞被研究人員稱為Blast RADIUS,正式名稱為CVE-2024-3596。
研究人員表示,這項研究目的在證明RADIUS安全防護不足,呼籲裝置廠商和標準組織IETF汰除RADIUS over UDP,並要求在更安全的通道傳輸RADIUS,如TLS。
同時研究人員也指出,或許將MD5換成較安全的SHA-2、SHA-3的雜湊演算法,可以暫時抵擋碰撞攻擊。但是由於RADIUS協定彈性不足,因此變更雜湊演算法可能造成現有實作的不相容。他們認為,基於RADIUS其他安全和隱私問題,最好的方式是IETF翻新這個協定的設計。
Popular articles
Institutional Academy that exceeded expectations marked the opening of GAT CDMX
Online Game
British gambling levy rates confirmed for each vertical
Regulation
New Jersey July Gambling Revenue Hits $606M, Sweeps Casinos Banned
Regulation
SBC Summit Canada to Make Player Safety a Key Pillar of 2026 Agenda
Marketing
Brazil Proposes Raising Gambling Tax Rate to 24%, With Revenue Allocated to Social Security and Healthcare
Regulation
GGC Awards 2026 Shines in Colombo: Honoring Leaders and Innovators in the iGaming Industry
HUIDU Focus
Are you ready to maximize your earnings? Try ProPush.me Constructor!
Marketing
Vietnam's tightening online gaming policy creates new market opportunities
Southeast Asia
HUIDU Invites You to Booth T70 at iGB L!VE 2026 — Let’s Ignite London This July!
HUIDU Focus
GAT CDMX 2025 Institutional Academy: Leaders and Experts Analyze the Present and Future of the Gaming Industry in Mexico and Lat
Sports Game
Kazakhstan plans to penalise online casino promotions
Regulation
B2B Tech Infrastructure Gains Momentum in Philippine Gaming Sector
Southeast Asia
UK MPs reopen 2025 gambling inquiry as reform stalls
Regulation
GAT Expo Puerto Rico Will Pulse with the New Era of Gaming in the Caribbean
Marketing
Full House at GAT Expo Cartagena 2026 Academic Agenda
Online Game
