Re: Serious bug in "radius" dialup authentication software

From: James Sneeringer (jvsat_private)
Date: Sun Feb 22 1998 - 22:23:17 PST


    On Sun, 22 Feb 1998, Marco S Hyman wrote:
    | Look at radius.h in the original Livingston code.  You'll see:
    | #define AUTH_STRING_LEN         128     /* maximum of 254 */
    
    Based on some limited testing I did, PortMasters (ComOS 3.7.2) never send a
    username longer than 63 characters.  Incidentally, this is the lowest
    maximum length recommended by RFC 2058 (section 5.1).
    
    I think it likely that some NAS vendor out there has (or had) a seriously
    broken RADIUS implementation, such that it ends up passing some pretty
    funky data to radiusd.
    
    It would help if the original poster could also specify the make and model
    of the NAS tested on, and what OS version it was running.
    
    -James
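The length check this thread is circling, as an added example rather than Livingston's radiusd code: a bounds-checked walk over RADIUS attributes that refuses a User-Name longer than the AUTH_STRING_LEN buffer quoted above instead of copying it blindly. AUTH_STRING_LEN is the value quoted from radius.h, the attribute layout (1-byte type, 1-byte length covering both header bytes, at most 253 value bytes) is RFC 2058's, and the sample inputs are constructed here.

```c
#include <stdint.h>
#include <string.h>

#define AUTH_STRING_LEN 128   /* value quoted from Livingston radius.h */
#define PW_USER_NAME      1   /* RFC 2058 User-Name attribute type */

/* Walk a RADIUS attribute list and copy User-Name into name[] as a
 * NUL-terminated string.  Returns the value length, 0 if no User-Name is
 * present, -1 for a malformed list, -2 if the value would overflow name[]
 * (the case an unchecked copy into an AUTH_STRING_LEN buffer mishandles). */
int get_user_name(const uint8_t *attrs, size_t attrs_len,
                  char name[AUTH_STRING_LEN])
{
    size_t off = 0;
    name[0] = '\0';
    while (off < attrs_len) {
        if (attrs_len - off < 2) return -1;         /* header cut off */
        uint8_t type = attrs[off], len = attrs[off + 1];
        /* length < 2 would never advance; length past the end is truncated */
        if (len < 2 || len > attrs_len - off) return -1;
        size_t vlen = (size_t)len - 2;
        if (type == PW_USER_NAME) {
            if (vlen >= AUTH_STRING_LEN) return -2; /* keep room for NUL */
            memcpy(name, attrs + off + 2, vlen);
            name[vlen] = '\0';
            return (int)vlen;
        }
        off += len;
    }
    return 0;
}

/* Constructed input: one User-Name attribute holding name_len 'x' bytes
 * (63 is the longest the PortMasters in the thread were seen to send). */
int demo_user_name_len(size_t name_len)
{
    uint8_t pkt[255]; char name[AUTH_STRING_LEN];
    if (name_len > 253) return -1;                  /* wire limit */
    pkt[0] = PW_USER_NAME;
    pkt[1] = (uint8_t)(name_len + 2);
    memset(pkt + 2, 'x', name_len);
    return get_user_name(pkt, name_len + 2, name);
}

/* Constructed input: length byte claims 10 bytes but only 5 were received. */
int demo_truncated(void)
{
    uint8_t pkt[5] = { PW_USER_NAME, 10, 'a', 'b', 'c' }; char name[AUTH_STRING_LEN];
    return get_user_name(pkt, sizeof pkt, name);
}
```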
    