Collaborate Disseminate
A new critical security vulnerability in the RADIUS protocol, dubbed BlastRADIUS, leaves most networking equipment open to Man-in-the-Middle (MitM) attacks. While the vulnerability can be difficult to exploit, the possible impact of an exploit is subst… Continue reading Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack
I’m setting up RADIUS server using FreeRADIUS and self-signed certificate. Tested using eapol_test and successfully logged in. But when I’m trying to add a PC running Ubuntu 22.04 LTS to the network, it failed to pass EAP-TLS authenticate…. Continue reading Ubuntu 22.04 LTS: EAP-TLS not working [migrated]
I am using freeradius to test EAP-TLS. Authorization only succeeds if I specify an identity. It doesn’t even have to match any fields in the client certificate. Why is that required if I have a cert and private key? I know the EAP protocol… Continue reading EAP TLS identity requriements
While WPA2-PSK and WPA3-SAE are really secure once a connection has been established, my understanding is that if you have access to the Wi-Fi password you can impersonate the AP without any problems. I’m starting to add more and more IoT … Continue reading WPA(2/3)-PSK-compatible per-device Wi-Fi passwords to prevent AP MITM on IoT networks
I set EAP-TLS on my FreeRadius server, and i want to try the certificate-based authentication for a testing. I set up an Apache as a webservice and enabled ssl on it. I could redirect the basic username-password authentication to the radiu… Continue reading FreeRadius and Apache Mutual authentication
According to the freeradius document https://freeradius.org/radiusd/man/rlm_pap.txt I can use NT-Password as the type of storing user’s password. However, I have only found the type of generating raw MD4 as NTLM Hash. As I need to use MSCH… Continue reading Are there other types of NT Password (NTLM Hash) besides raw MD4?
According to the freeradius document https://freeradius.org/radiusd/man/rlm_pap.txt I can use NT-Password as the type of storing user’s password. However, I have only found the type of generating raw MD4 as NTLM Hash. As I need to use MSCH… Continue reading Are there other types of NT Password (NTLM Hash) besides raw MD4?
I recently set up a freeradius server and would like to change the user password that is presently in cleartext to encrypted in the /etc/freeradius/3.0/users file.
This is what it looks like on the server.
When I authenticate on the serve… Continue reading How to encrypt user password in Freeradius [migrated]
I am trying to use Freeradius 3.0 for authentication with certificates. To generate the CA, Server and Client certificate, make is available, reading a specific configuration file for each certificates (more information about it here).
The… Continue reading Unable to decrypt password protected certificates with Freeradius or from GUI
I am discovering both Freeradius and the password hashing mechanism. I built a database (in MySQL) to store the passwords of some users. I have a user with the password in clear text, another one hashed in SHA256 without salt and the last … Continue reading How can Freeradius detect if the password provided is right when only the salted hash is stored in the database without the salt