FYI for people using radsecproxy and eduroam
Alan DeKok
aland at deployingradius.com
Fri Sep 3 03:59:01 CEST 2021
https://www.usenix.org/conference/usenixsecurity21/presentation/jeitner
It's possible to bypass much of the security of Eduroam simply by playing games with DNS.
Note that FreeRADIUS is not vulnerable to these issues. Even though 3.0.23 supports dynamic home servers, it doesn't rely on parsing DNS records to create those definitions.
But if we do add that support in the future (RADIUS dynamic discovery over DNS), then we will pay very close attention to these issues.
Alan DeKok.