Is Foxpass susceptible to Blast-RADIUS?

Blast-RADIUS, assigned CVE-2024-3596, is a man-in-the-middle (MITM) attack against susceptible RADIUS environments and uses.

For Foxpass customers, the take-aways are:

  1. EAP-based protocols (EAP-TLS, EAP-TTLS, PEAP) are not vulnerable. These three protocols are what Foxpass uses to authenticate wireless and wired users for 802.1x.
  2. Regardless of protocol, any RADIUS connection using RadSec (RADIUS over TLS) is not susceptible to the attack.
  3. Customers using Foxpass RADIUS for VPN authentication, or for console access to routers and switches, should consider utilizing our RADIUS Proxy which is not vulnerable. If you cannot use the RADIUS Proxy, please contact support to see if your RADIUS clients are vulnerable to this attack.
  4. Customers using Foxpass for MAC-address based authentication should connect with Foxpass customer support to examine the particular use-case for your network.