Freeradius vs Security
Alan DeKok
aland at deployingradius.com
Tue Apr 2 16:37:04 CEST 2019
On Apr 2, 2019, at 9:58 AM, Sebastian Hagedorn <Hagedorn at uni-koeln.de> wrote:
>
> Hm, are you familiar with this paper? My understanding of it is that (some) badly configured clients are vulnerable.
>
> <https://www.sciencedirect.com/science/article/pii/S0167404817302808>
Well, if people misconfigure things, then anything can happen.
I've seen similar things with FreeRADIUS. "Hi, we configured the system to not check passwords, and now anyone is let in! FreeRADIUS has a security issue"
Security is hard. Which is why most people get it wrong.
Alan DeKok.
More information about the Freeradius-Users
mailing list