BlastRADIUS: a CRITICAL security vulnerability
Marco Gaiarin
gaio at lilliput.linux.it
Thu Jul 11 15:00:43 UTC 2024
Hello! Alan DeKok
On that day it was said...
> BlastRADIUS has a CVSS score of 9.0, which is extremely high.
Sorry Alan; looking at https://blastradius.fail/ or https://thehackernews.com/2024/07/radius-protocol-vulnerability-exposes.html
it is not clear to me if a standard configuration 'Active Directory bound to
RADIUS' (e.g., WPA2/3-Enterprise, (P)EAP, MSCHAPv2) is vulnerable or not.
MSCHAPv2 is listed as 'vulnerable', but also EAP is 'not vulnerable'. This
confuses me because I suppose(d) that MSCHAPv2 *needs* EAP, so...
Again, sorry; thanks.
--
More information about the Freeradius-Users
mailing list