5 Mar
2018
5 Mar
'18
11:31 a.m.
On Mar 5, 2018, at 11:28 AM, Tony LEMEUNIER <Tony.Lemeunier@novelcom.fr> wrote:
And thanks for your reply. My radius is on private LAN, so no risk.
Do you trust all of the users who log in via the RADIUS server? a) yes - you should (mostly) be fine b) no - you will get pwned. It's not about "private LAN". The users are sending *names and passwords* to the RADIUS server, among other data. That data is under the users control, and they can change it to do malicious things. Alan DeKok.