Skip to Main Content
RADIUS
book

RADIUS

by Jonathan Hassell
October 2002
Intermediate to advanced content levelIntermediate to advanced
206 pages
8h 30m
English
O'Reilly Media, Inc.
Content preview from RADIUS

Vulnerabilities

It has been discovered by many that RADIUS has some fundamental flaws that may allow an attacker to compromise the integrity of a transaction. Primarily, the User-Password protection mechanism is inherently quite insecure, employing encryption and cryptographic techniques improperly. The concept of a response authenticator inside the RADIUS packet is genuinely good, but the implementation of such in the protocol is poorly designed. The Access-Request packet is not authenticated—at least as per the protocol specification—by any machine party to the transaction. The randomness of a client’s generation of request authenticators is not really random enough. And finally, the shared secret is a primitive method of securing RADIUS client-to-server transactions.

Now I’ll look at each of these vulnerabilities in greater detail.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

TCP/IP Illustrated, Volume 1: The Protocols, 2nd Edition

TCP/IP Illustrated, Volume 1: The Protocols, 2nd Edition

Kevin R. Fall, W. Richard Stevens
TCP/IP Guide

TCP/IP Guide

Charles M. Kozierok

Publisher Resources

ISBN: 0596003226Errata Page