Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Jun 04, 2018

@Sam: A Radius Access-Request packet "MAY" contain a Message-Authenticator attribute and Radius implementers "SHOULD" adopt this security feature. But in the end its still not a "MUST" requirement for both. Please don't get me wrong, I do personally recommend to adopt this attribute (and also other useful post RFC2865 extensions, recommendations and clarifications) every single day.

 

@Stanislas: Well, its up to you to store every single attribute in a variable. But keep in mind, that some attributes may be included more than once in a single Radius request. Last but not least, you may also want to check your input validation twice. With the recent additions you are allowing an attacker to crash your TMM by sending a single handcrafted UDP datagram...

 

Cheers, Kai