JumpCloud Community

paul_user · ‎07-11-2024

Is the JumpCloud RADIUS server susceptible to the Blast-RADIUS attack announced this week?

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-radius-spoofi...

interpipes · ‎07-15-2024

Presumably yes, as it appears that the JumpCloud RADIUS service does not currently return a Message-Authenticator as part of it's response, and I can't find any evidence that they support TLS transport of RADIUS requests (aka 'radsec' / RFC6614) either.

It does require the attacker to be able to MITM the connection between your RADIUS client device and JumpCloud, but it hopefully will still be addressed as a priority given the implications.

BScott · ‎07-15-2024

We are aware of it and our teams are currently performing analysis.

Like someone's post? Give them a kudo!
Did someone's answer help you? Please mark it as a solution.

nealjacob · ‎07-30-2024

Hi,

Is there an update to this, or a dedicated page to track any updates?

Thanks

BScott · ‎07-30-2024

For now we just ask that you contact your account or customer success manager for updates.

Like someone's post? Give them a kudo!
Did someone's answer help you? Please mark it as a solution.

JumpCloud Community

JumpCloud RADIUS and RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS)