Vulnerabilities
It has been discovered by many that RADIUS has some fundamental flaws that may allow an attacker to
compromise the integrity of a transaction. Primarily, the
User-Password protection mechanism is inherently quite insecure,
employing encryption and cryptographic techniques improperly. The
concept of a response authenticator inside the RADIUS packet is
genuinely good, but the implementation of such in the protocol is
poorly designed. The Access-Request packet is not
authenticated—at least as per the protocol
specification—by any machine party to the transaction. The
request authenticators that a client generates are not really
random enough. And finally, the shared
secret is a primitive method of securing RADIUS client-to-server
transactions.
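To make the point about request authenticators concrete, here is an added example (not code from the book) of a defensive audit that parses the 20-byte RADIUS header defined in RFC 2865 and reports any client that sent the same Request Authenticator in more than one Access-Request. The capture format, a list of (client address, raw UDP payload) pairs, and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

ACCESS_REQUEST = 1                   # RADIUS Code for Access-Request (RFC 2865)
HEADER = struct.Struct("!BBH16s")    # Code, Identifier, Length, Authenticator


def parse_header(packet: bytes):
    """Return (code, identifier, authenticator) or raise ValueError."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length, auth = HEADER.unpack_from(packet)
    # RFC 2865: Length covers the whole packet and must be 20..4096 bytes.
    if not 20 <= length <= 4096 or length > len(packet):
        raise ValueError("invalid Length field")
    return code, ident, auth


def reused_authenticators(captures):
    """captures: iterable of (client_address, raw_packet) pairs (assumed format).

    Returns {(client, authenticator_hex): [identifiers]} for every Request
    Authenticator that one client used in more than one Access-Request.
    """
    seen = defaultdict(list)
    for client, packet in captures:
        try:
            code, ident, auth = parse_header(packet)
        except ValueError:
            continue                 # malformed packets are skipped
        if code == ACCESS_REQUEST:   # replies carry a Response Authenticator
            seen[(client, auth.hex())].append(ident)
    return {key: ids for key, ids in seen.items() if len(ids) > 1}


def _request(ident, auth, code=ACCESS_REQUEST):
    """Build a header-only packet for the constructed sample below."""
    return HEADER.pack(code, ident, HEADER.size, auth)


# Constructed sample capture (documentation addresses, made-up values).
SAMPLE = [
    ("192.0.2.10", _request(1, bytes(range(16)))),
    ("192.0.2.10", _request(2, bytes(range(16, 32)))),
    ("192.0.2.10", _request(3, bytes(range(16)))),          # repeats request 1
    ("192.0.2.20", _request(1, bytes(range(16)))),          # different client
    ("192.0.2.10", _request(4, bytes(range(16)), code=2)),  # Access-Accept
    ("192.0.2.10", b"\x01\x05\x00"),                        # truncated packet
]

if __name__ == "__main__":
    for (client, auth), idents in reused_authenticators(SAMPLE).items():
        print(f"{client} reused authenticator {auth} in requests {idents}")
```
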
Now I’ll look at each of these vulnerabilities in greater detail.