Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: More problems with RADIUS (protocol and implementations)
From: Joshua Hill <josh () untruth org>
Date: Tue, 13 Nov 2001 12:54:38 -0800

On Tue, Nov 13, 2001 at 12:16:02PM -0500, aland () striker ottawa on ca wrote:
  Some points in that message were also covered by Joshua, he added a
number of good points, and missed a few others.  Specifically, rfc2869
defines the Message-Authenticator attribute, which is used to sign
packets.  This signature allows Access-Request packets to be verified,
negating the security problems of spoofed packets.

Unless the attacker simply removes the Message-Authenticator from
the packets before replaying them...

Leaving out any reference to rfc2869 was an oversight on my part.  I
recently updated the online version of my analysis with pertinent
information regarding the Message-Authenticator.  Take a look at the
last two paragraphs of section 4.2 at:
 http://www.untruth.org/~josh/security/radius/radius-auth.html

                        Thanks for your comments,
                        Josh


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]