Multiple Password Prompts

Alan DeKok aland at ox.org
Sat Aug 6 02:55:24 CEST 2005


ragan_davis at colstate.edu wrote:
> I agree.  In their argument, they even pointed me to a security web site
> that supposedly listed 42 freeradius vulnerabilities, most of which had
> still not been addressed (according to them).

  Liars.  This isn't just incompetence, it's pretty close to libel.

> I visited the site, read the material, followed the links, and
> apparently they just typed "freeradius" and clicked "search", and
> didn't actually read the results, because half of the results were
> totally unrelated and the rest were describing things that were
> fixed in version 0.4 or something.

  Do that on CERT, for example, and you'll get stacks of hits for
FreeRADIUS, most of which say things like "FreeRADIUS: no response
from vendor for vulnerability FOO in Mozilla."

  Personally, I interpret their attitude as indicating that FreeRADIUS
is significantly cutting into their sales.  If they have to lie about
it to make their sales, it shows that FreeRADIUS is so much better
than their product that they just can't compete on a technical level.

  Alan DeKok.



More information about the Freeradius-Users mailing list