Is Foxpass susceptible to Blast-RADIUS?

Blast-RADIUS, assigned CVE-2024-3596, is a man-in-the-middle (MITM) attack against susceptible RADIUS environments and uses.

For Foxpass customers, the take-aways are:

1. EAP-based protocols (EAP-TLS, EAP-TTLS, PEAP) are not vulnerable. These three protocols are what Foxpass uses to authenticate wireless and wired users for 802.1x.
2. Regardless of protocol, any RADIUS connection using RadSec (RADIUS over TLS) is not susceptible to the attack. If your equipment supports RadSecwe strongly encourage you to switch to it.
3. Customers using Foxpass RADIUS for VPN authentication, or for console access to routers and switches, should consider utilizing our RADIUS Proxy which is not vulnerable. If you cannot use the RADIUS Proxy, please try to enable "Enable Message Authenticator" setting on your RADIUS Client or your RADIUS Server, and see if your device is still able to authenticate.