30 Jan
2025
30 Jan
'25
8:01 a.m.
In Access-Requests I can see that the Message-Authenticator is set to a randomly generated string which I would expect. However in the Access-Challenge and Access-Accept packets it is just set to all 0s (e.g. 0x0000...). What could the reason be for a random string not being generated for the replies from the server to the NAS? I added the below in response to the BlastRADIUS vulnerability notification on the FreeRADIUS but I was under the impression that FreeRADIUS should still be generating it's own string based off of HMAC and shared secret etc. * if (!EAP-Message) { update reply { Message-Authenticator := 0x00 } }*