Freeradius vs Security

Alan DeKok aland at deployingradius.com
Tue Apr 2 16:37:04 CEST 2019


On Apr 2, 2019, at 9:58 AM, Sebastian Hagedorn <Hagedorn at uni-koeln.de> wrote:
> 
> Hm, are you familiar with this paper? My understanding of it is that (some) badly configured clients are vulnerable.
> 
> <https://www.sciencedirect.com/science/article/pii/S0167404817302808>

  Well, if people misconfigure things, then anything can happen.

  I've seen similar things with FreeRADIUS.  "Hi, we configured the system to not check passwords, and now anyone is let in!  FreeRADIUS has a security issue"

  Security is hard.  Which is why most people get it wrong.

  Alan DeKok.




More information about the Freeradius-Users mailing list