11 Jul
2024
11 Jul
'24
11 a.m.
Mandi! Alan DeKok In chel di` si favelave...
BlastRADIUS has a CVSS score of 9.0, which is extremely high.
Sorry Alan; looking at https://blastradius.fail/ or https://thehackernews.com/2024/07/radius-protocol-vulnerability-exposes.html it is not clear to me if a standard configuration 'Active Directory binded to RADIUS' (eg, WPA2/3-Enterprise, (P)EAP, MSCHAPv2) is vulnerable or not. MSCHAPv2 is listed as 'vulnerable', but also EAP is 'not vulnerable'. This confuse me because i supose(d) that MSCHAPv2 *need* EAP, so... Agains sorry, thanks. --