Message-Authenticator in Access-Challenge and Access-Accept
FreeRAD
yetifreerad at gmail.com
Thu Jan 30 13:01:12 UTC 2025
In Access-Requests I can see that the Message-Authenticator is set to a
randomly generated string which I would expect. However in the
Access-Challenge and Access-Accept packets it is just set to all 0s (e.g.
0x0000...). What could the reason be for a random string not being
generated for the replies from the server to the NAS?
I added the below in response to the BlastRADIUS vulnerability notification
on the FreeRADIUS but I was under the impression that FreeRADIUS should
still be generating its own string based off of HMAC and shared secret etc.

    if (!EAP-Message) {
        update reply {
            Message-Authenticator := 0x00
        }
    }
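
An added example, not part of the original post and not FreeRADIUS code: a checker for the Message-Authenticator of a reply as RFC 3579 defines it, i.e. HMAC-MD5 keyed with the shared secret over the reply with the Request Authenticator placed in the header and the attribute value zeroed only while hashing. The function names, shared secret and packet bytes are constructed for illustration.

```python
import hashlib
import hmac
import struct

MESSAGE_AUTHENTICATOR = 80  # attribute type (RFC 3579, section 3.2)


def ma_offset(packet: bytes) -> int:
    """Offset of the 16-byte Message-Authenticator value, or -1 if absent."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        if attr_type == MESSAGE_AUTHENTICATOR and attr_len == 18:
            return pos + 2
        pos += attr_len
    return -1


def expected_ma(reply: bytes, request_auth: bytes, secret: bytes) -> bytes:
    """HMAC-MD5 a server must place in an Access-Accept/Challenge/Reject."""
    off = ma_offset(reply)
    if off < 0:
        raise ValueError("reply carries no Message-Authenticator")
    length = struct.unpack("!H", reply[2:4])[0]
    signed = bytearray(reply[:length])
    signed[4:20] = request_auth        # Request Authenticator from the Access-Request
    signed[off:off + 16] = bytes(16)   # value is zeroed only while hashing
    return hmac.new(secret, bytes(signed), hashlib.md5).digest()


def reply_ma_valid(reply: bytes, request_auth: bytes, secret: bytes) -> bool:
    off = ma_offset(reply)
    return off >= 0 and hmac.compare_digest(
        reply[off:off + 16], expected_ma(reply, request_auth, secret))


# Constructed sample: Access-Challenge (code 11), id 7, zero placeholder value.
SECRET = b"testing123"           # constructed shared secret
REQUEST_AUTH = bytes(range(16))  # constructed Request Authenticator
ATTRS = bytes([80, 18]) + bytes(16) + bytes([18, 7]) + b"hello"
UNSIGNED = struct.pack("!BBH", 11, 7, 20 + len(ATTRS)) + bytes(16) + ATTRS
SIGNED = UNSIGNED[:22] + expected_ma(UNSIGNED, REQUEST_AUTH, SECRET) + UNSIGNED[38:]
```

Run against a capture of the reply as sent on the wire, `reply_ma_valid` returns False for a value that is still all zeros and True only for the keyed hash.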