Bugtraq mailing list archives
Re: More problems with RADIUS (protocol and implementations)
From: Joshua Hill <josh () untruth org>
Date: Tue, 13 Nov 2001 12:54:38 -0800
On Tue, Nov 13, 2001 at 12:16:02PM -0500, aland () striker ottawa on ca wrote:
Some points in that message were also covered by Joshua, he added a number of good points, and missed a few others. Specifically, rfc2869 defines the Message-Authenticator attribute, which is used to sign packets. This signature allows Access-Request packets to be verified, negating the security problems of spoofed packets.
Unless the attacker simply removes the Message-Authenticator from the packets before replaying them...

Leaving out any reference to rfc2869 was an oversight on my part. I recently updated the online version of my analysis with pertinent information regarding the Message-Authenticator. Take a look at the last two paragraphs of section 4.2 at:

http://www.untruth.org/~josh/security/radius/radius-auth.html

Thanks for your comments,
Josh
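The point raised in the exchange above, shown from the server side as an added example (not code from the original messages or from any RADIUS implementation): a Message-Authenticator check that accepts unsigned Access-Requests cannot tell a stripped packet from one that was never signed, so the attribute has to be required by policy. The function names, the `require` flag and the sample values are assumptions made for this sketch.

```python
import hashlib
import hmac
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 2869)

def build_request(ident, req_auth, attrs, secret, sign=True):
    """Build an Access-Request (code 1); attrs is a list of (type, value)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    if sign:  # placeholder of 16 zero octets, filled in below
        body += struct.pack("!BB", MSG_AUTH, 18) + bytes(16)
    pkt = bytearray(struct.pack("!BBH", 1, ident, 20 + len(body)) + req_auth + body)
    if sign:  # HMAC-MD5 over the whole packet, keyed with the shared secret
        pkt[-16:] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    return bytes(pkt)

def check_request(pkt, secret, require=True):
    """Return 'ok', 'unsigned', 'missing', 'bad-signature' or 'malformed'."""
    if len(pkt) < 20:
        return "malformed"
    length = struct.unpack("!H", pkt[2:4])[0]
    if length < 20 or length > len(pkt):
        return "malformed"
    pkt, pos, found = pkt[:length], 20, None
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            return "malformed"
        if pkt[pos] == MSG_AUTH:
            if pkt[pos + 1] != 18 or found is not None:
                return "malformed"
            found = pos + 2
        pos += pkt[pos + 1]
    if found is None:
        # A stripped packet looks exactly like one that was never signed,
        # so only a server-side "require" policy can reject it.
        return "missing" if require else "unsigned"
    zeroed = pkt[:found] + bytes(16) + pkt[found + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return "ok" if hmac.compare_digest(expected, pkt[found:found + 16]) else "bad-signature"

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))
ATTRS = [(1, b"alice")]  # User-Name
SIGNED = build_request(7, REQ_AUTH, ATTRS, SECRET)
UNSIGNED = build_request(7, REQ_AUTH, ATTRS, SECRET, sign=False)
```

With `require=False` the unsigned packet is passed on to normal processing, which is the gap the reply describes; with `require=True` it is rejected before any credential handling.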