Date Aug. 14, 2024
This release includes adjustments to production.
Defect fixes
Auth Manager
RADIUS – We have implemented security improvements to address the BLAST-RADIUS threat. Specifically, the team modified the Passly RADIUS agent to block BLAST-RADIUS exploits.
Remediation steps for this issue:
- Clients now add a Message-Authenticator attribute to all Access-Request packets.
- Servers now check for the Message-Authenticator attribute in all Access-Request packets.
The agent must be reinstalled for the update to be applied.
- Download the latest agent from Auth Manager > Agents > Deployed Agent or via https://passlyprodwuappsa.blob.core.windows.net/files/PasslyRadius.Setup.exe
- Follow the setup guide to deploy the updated agent. https://helpdesk.kaseya.com/hc/en-gb/articles/4407403727505
Once the v7.1.0.0 agent is installed, these settings can be enabled with the following steps.
- Access Passly tenant.
- Select Auth Manager.
- Select Agents.
- Select your specific RADIUS Agent.
- Select Edit under agent configuration.
- The following setting can now be enabled:
Enable/Disable Require message-authenticator attribute. Once enabled, this option blocks “BLAST-RADIUS”.
FAQs (Frequently Asked Questions)
- Question: Does the agent need to be reinstalled for changes to take effect?
- Answer: Yes, if you are using any agent older than RADIUS Agent 7.1.0.0, it needs to be upgraded.
- Question: What happens if I install the agent and the settings don’t update?
- Answer: Restart the RADIUS Service.
From an elevated command prompt, run “net start PasslyRadius”.
Or, in Windows Server, open services.msc and select Restart on Passly RADIUS Server.
What is BLAST-RADIUS?
BLAST-RADIUS is a known vulnerability in RADIUS that allows an attack to occur from within the network. You can learn more about BLAST-RADIUS via https://www.blastradius.fail/ and https://www.inkbridgenetworks.com/web/content/2557
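
The Message-Authenticator check described in the remediation steps can be illustrated with the sketch below. It is an added example, not Passly agent code. It follows the RFC 2869 definition of the attribute: HMAC-MD5 over the whole Access-Request, keyed with the shared secret, with the attribute's value zeroed during calculation. The shared secret, the attribute values and the `require_ma` flag are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1          # RADIUS packet code
MESSAGE_AUTHENTICATOR = 80  # attribute type (RFC 2869)

def build_access_request(secret, ident, attrs, sign=True):
    """Client side: encode an Access-Request, signed unless sign=False."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    if sign:  # attribute goes first, zero-filled until the HMAC is known
        body = struct.pack("!BB", MESSAGE_AUTHENTICATOR, 18) + bytes(16) + body
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body))
    packet = bytearray(header + os.urandom(16) + body)
    if sign:
        packet[22:38] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)

def check_access_request(secret, packet):
    """Server side: return 'ok', 'missing' or 'invalid'."""
    if len(packet) < 20:
        return "invalid"
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or not 20 <= length <= len(packet):
        return "invalid"
    packet, pos, ma_at = packet[:length], 20, None
    while pos < length:  # walk the type-length-value attributes
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            return "invalid"
        if packet[pos] == MESSAGE_AUTHENTICATOR:
            if packet[pos + 1] != 18 or ma_at is not None:
                return "invalid"
            ma_at = pos + 2
        pos += packet[pos + 1]
    if ma_at is None:
        return "missing"
    zeroed = packet[:ma_at] + bytes(16) + packet[ma_at + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return "ok" if hmac.compare_digest(expected, packet[ma_at:ma_at + 16]) else "invalid"

def server_accepts(secret, packet, require_ma=True):
    """require_ma is a hypothetical flag modelling the 'Require' setting."""
    result = check_access_request(secret, packet)
    return result == "ok" or (result == "missing" and not require_ma)

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
ATTRS = [(1, b"alice"), (4, bytes([192, 0, 2, 10]))]  # User-Name, NAS-IP-Address
```

With `require_ma` left on, an Access-Request that lacks the attribute is rejected rather than processed, which is the behaviour the new agent setting enables.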