FYI for people using radsecproxy and eduroam

Alan DeKok aland at
Fri Sep 3 03:59:01 CEST 2021

  It's possible to bypass much of the security of Eduroam simply by playing games with DNS.

  Note that FreeRADIUS is not vulnerable to these issues.  Even though 3.0.23 supports dynamic home servers, it doesn't rely on parsing DNS records to create those definitions.

  But if we do add that support in the future (RADIUS dynamic discovery over DNS), then we will pay very close attention to these issues.

  Alan DeKok.

More information about the Freeradius-Users mailing list