Re: Serious bug in "radius" dialup authentication software
Phillip R. Jaenke (prj@NS2.NLS.NET)
Sun, 22 Feb 1998 14:17:19 +0100
>as is the case with most bugs i read in bugtraq, i tried it out on one of
>the >dialup systems we use. i entered a vaild username then entered an
>appromiately >128 character lone password....it locked up the
>authentication ...i hadreports >of noone being able to log in on that
>particular dialup system. the problem >was resolved by killing and
>restarting the radius daemon
>btw this is on a linux box.
This is another known bug, which I call the 'magic 128.' Most, if not all,
versions of radius, be it Livingston, Merit, RadiusNT, whatever, will choke
HORRIBLY if any entered field is over 128 characters. I don't know if
there's a workaround, but I haven't actually looked. I honestly don't think
anybody's going to bother with that one too much.
-Phillip R. Jaenke (prj@nls.net)
"I break Mac lover's hearts for fun; I install NetBSDm68k"