[RADIATOR] move Message-Authenticator to the top ?
Patrik Forsberg
patrik.forsberg at globalconnect.se
Mon Sep 9 06:10:41 UTC 2024
> This is done by the latest release, Radiator 4.29. The reason for the change is
> the recent vulnerability in Radius protocol that was made public in July. For
> more information about Blast-RADIUS, CVE-2024-3596, please see:
Oh, I see - perfect thanks ??
Upgrade sounds like a good plan then :>
> Hmm, can you let me know what's the device in question? You can reply to me
> directly too. The position of Message-Authenticator should not matter, even
> when considering Blast-RADIUS mitigation.
That was my thinking and I've already pushed a ticket to the vendor about it - I'll respond privately to you which - but as it is the bleeding edge release of a software it might be that the configuration knob to disable this behavior hasn't been implemented yet...
> To summarise: upgrade to Radiator 4.29 and Message-Authenticator is
> automatically added as the first attribute.
Yep, thanks ??
---
Best Regards,
Patrik
More information about the radiator
mailing list