On the 10th of December 2021 a vulnerability (CVE-2021-44228) in a popular Java-based logging utility log4j was published. Since then we have received some customer queries about Radiator’s vulnerability. Radiator does not utilise Java or log4j as a component of our...
Summary EAP-pwd did not properly validate received values. This allows an attacker to authenticate as any user without knowing the password. A separate vulnerability causes a crash in TLS-based modules, such as RadSec and EAP-TLS, that use policy OID checks. Affected...
Summary Certificate verification was loading CA certificates from OpenSSL default locations. This could cause certificates from unexpected CAs to be considered valid when validating certificate chains. Affected Radiator versions All Radiator versions that support...
Summary Vulnerabilities were discovered in SIP digest authentication, Quote special formatter, Digipass MSCHAP authentication, and AuthBy HEIMDALDIGEST. Affected Radiator versions These vulnerabilities affect Radiator versions up to 4.17. Quote special formatter was...
Summary Vulnerabilities were discovered with Radiator’s AuthBy LDAP2 authentication when used with Extended Authentication Protocol (EAP) and certain Radiator and LDAP configurations. Affected Radiator versions The vulnerability affects Radiator versions up to...
Summary A vulnerability was discovered in Radiator Extended Authentication Protocol (EAP) EAP-TLS and PEAP implementations affecting TLS session resumption. A second unrelated vulnerability in string formatting can cause a denial of service (DOS) crash or other...
