
required message-authenticator for requests and access-challenge in privacyidea radius handling

Open mierswa opened this issue 7 months ago • 2 comments

Hello,

Nowadays, RADIUS authentication has a vulnerability: https://www.heise.de/en/news/Blast-RADIUS-Security-vulnerability-in-the-RADIUS-network-protocol-published-9797220.html

Is there a chance to implement the Message-Authenticator? I think it must be implemented in this file: https://github.com/privacyidea/FreeRADIUS/blob/master/privacyidea_radius.pm

The code has to handle the Message-Authenticator as described in RFC 3579: https://datatracker.ietf.org/doc/html/rfc3579#section-3.2

Excerpt from the RFC:

This attribute MAY be used to authenticate and integrity-protect Access-Requests in order to prevent spoofing. It MAY be used in any Access-Request. It MUST be used in any Access-Request, Access-Accept, Access-Reject or Access-Challenge that includes an EAP-Message attribute.

Thanks for the help.

mierswa, Jul 15 '24 10:07
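
The Message-Authenticator check from RFC 3579 section 3.2 that the issue above asks for, as an added example that is not part of the original post or of the privacyIDEA plugin. It is written in Python rather than the plugin's Perl, and the function names, shared secret and sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

MESSAGE_AUTHENTICATOR = 80  # attribute type from RFC 3579 section 3.2

def build_packet(code, identifier, authenticator, attrs, secret):
    """Constructed helper: serialize a packet and append a signed Message-Authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    body += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)  # zeroed placeholder
    pkt = struct.pack("!BBH", code, identifier, 20 + len(body)) + authenticator + body
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()

def verify_message_authenticator(packet, secret, request_auth=None):
    """True only if the packet carries exactly one valid Message-Authenticator.
    For replies (e.g. Access-Challenge) pass the Request Authenticator of the
    Access-Request being answered; RFC 3579 uses it in place of bytes 4..19."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False
    pkt = bytearray(packet[:length])
    pos, ma_offset = 20, None
    while pos < length:
        if pos + 2 > length:
            return False
        atype, alen = pkt[pos], pkt[pos + 1]
        if alen < 2 or pos + alen > length:
            return False  # malformed attribute
        if atype == MESSAGE_AUTHENTICATOR:
            if alen != 18 or ma_offset is not None:
                return False  # wrong size or duplicate attribute
            ma_offset = pos + 2
        pos += alen
    if ma_offset is None:
        return False  # "required" policy: unsigned packets are rejected
    received = bytes(pkt[ma_offset:ma_offset + 16])
    pkt[ma_offset:ma_offset + 16] = bytes(16)  # zero the field before hashing
    if request_auth is not None:
        pkt[4:20] = request_auth
    expected = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    return hmac.compare_digest(received, expected)

# Constructed sample values, not taken from any real deployment.
SECRET = b"testing123"
REQ_AUTH = bytes(range(16))
REQUEST = build_packet(1, 42, REQ_AUTH, [(1, b"alice")], SECRET)
```

A packet with no Message-Authenticator returns `False` here, which corresponds to treating the attribute as required instead of optional.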