This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

JumpCloud RADIUS and RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS)

paul_user
Novitiate II

‎07-11-2024 02:05 PM

Is the JumpCloud RADIUS server susceptible to the Blast-RADIUS attack announced this week? 

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-radius-spoofi...

4 REPLIES 4

interpipes
Novitiate I

‎07-15-2024 12:19 PM - edited ‎07-15-2024 12:24 PM

Presumably yes, as it appears that the JumpCloud RADIUS service does not currently return a Message-Authenticator as part of it's response, and I can't find any evidence that they support TLS transport of RADIUS requests (aka 'radsec' / RFC6614) either.

It does require the attacker to be able to MITM the connection between your RADIUS client device and JumpCloud, but it hopefully will still be addressed as a priority given the implications.

BScott
Community Manager Community Manager
Community Manager

‎07-15-2024 04:19 PM

We are aware of it and our teams are currently performing analysis.

Like someone's post? Give them a kudo!
Did someone's answer help you? Please mark it as a solution.

nealjacob
Novitiate I

‎07-30-2024 06:56 AM

Hi,

Is there an update to this, or a dedicated page to track any updates?

Thanks

0 Kudos

BScott
Community Manager Community Manager
Community Manager
In response to nealjacob

‎07-30-2024 01:15 PM

For now we just ask that you contact your account or customer success manager for updates.

Like someone's post? Give them a kudo!
Did someone's answer help you? Please mark it as a solution.

0 Kudos
You Might Like

New to the site? Take a look at these additional resources:

Community created scripts

Keep up with Product News

Read our community guidelines

Ready to join us? You can register here.