
JumpCloud RADIUS and RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS)

paul_user
Novitiate II

Is the JumpCloud RADIUS server susceptible to the Blast-RADIUS attack announced this week? 

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-radius-spoofi...

4 REPLIES

interpipes
Novitiate I

Presumably yes, as it appears that the JumpCloud RADIUS service does not currently return a Message-Authenticator as part of its response, and I can't find any evidence that they support TLS transport of RADIUS requests (aka 'radsec' / RFC6614) either.

It does require the attacker to be able to MITM the connection between your RADIUS client device and JumpCloud, but it hopefully will still be addressed as a priority given the implications.
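Added example, not part of the original thread and not JumpCloud code: a check a RADIUS client operator could run on a captured response to see whether it carries a Message-Authenticator (attribute 80) and whether that value verifies as HMAC-MD5 under the shared secret, per RFC 3579. The helper names, the sample packets, the Request Authenticator and the shared secret are all constructed for illustration.

```python
import hashlib, hmac, struct

MESSAGE_AUTHENTICATOR = 80  # attribute type, RFC 2869 / RFC 3579

def iter_attributes(packet):
    """Yield (type, value_offset, value) for each attribute in a RADIUS packet."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        alen = packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        yield packet[pos], pos + 2, packet[pos + 2:pos + alen]
        pos += alen

def check_response(response, request_authenticator, secret):
    """Return 'missing', 'invalid' or 'valid' for the Message-Authenticator."""
    for atype, off, value in iter_attributes(response):
        if atype != MESSAGE_AUTHENTICATOR:
            continue
        if len(value) != 16:
            return "invalid"
        length = struct.unpack("!H", response[2:4])[0]
        buf = bytearray(response[:length])
        buf[4:20] = request_authenticator      # Request Authenticator goes back in
        buf[off:off + 16] = bytes(16)           # attribute value zeroed for the HMAC
        expected = hmac.new(secret, bytes(buf), hashlib.md5).digest()
        return "valid" if hmac.compare_digest(expected, value) else "invalid"
    return "missing"

def build_accept(request_authenticator, secret, with_ma):
    """Constructed sample Access-Accept (code 2), not a capture from any service."""
    attrs = (bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)) if with_ma else b""
    attrs += bytes([18, 4]) + b"ok"            # Reply-Message
    pkt = bytearray(struct.pack("!BBH", 2, 1, 20 + len(attrs))
                    + request_authenticator + attrs)
    if with_ma:
        pkt[22:38] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    pkt[4:20] = hashlib.md5(bytes(pkt) + secret).digest()  # Response Authenticator
    return bytes(pkt)

REQ_AUTH = bytes(range(16))        # constructed Request Authenticator
SECRET = b"example-shared-secret"  # constructed shared secret
```

A result of `missing` on real responses matches the condition described in the post above; `invalid` means the attribute is present but does not verify under the secret supplied.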

BScott
Community Manager

We are aware of it and our teams are currently performing analysis.

Like someone's post? Give them a kudo!
Did someone's answer help you? Please mark it as a solution.

nealjacob
Novitiate I

Hi,

Is there an update to this, or a dedicated page to track any updates?

Thanks

BScott
Community Manager

For now we just ask that you contact your account or customer success manager for updates.
