We are pleased to announce the release of Radiator version 4.29. The latest release includes security fixes for the newly published BlastRADIUS protocol vulnerability, and the usual usability and interoperability improvements.
New usability improvements
- Tested and supported for Ubuntu 24.04
- AuthBy LDAP2 improvements
- CEF and JSON logging fixes
Updates to address BlastRADIUS protocol vulnerability
Radiator is actively engaged with IETF’s radext working group and we have been working under embargo to implement the fixes based on the work done in the group.
- Add a new flag parameter LimitProxyState to Client clauses. This parameter allows dropping those requests from non-proxy clients that contain Proxy-State but do not contain Message-Authenticator. Ensure that ServerRADSEC drops requests with bad Message-Authenticator instead of just logging them. The upcoming RADIUS transport update by IETF’s radext working group will remove the redundant signatures but keep them for the current transport profile. LimitProxyState addresses CVE-2024-3596.
- Update RADIUS Message-Authenticator attribute handling. Message-Authenticator is always added as the first attribute in RADIUS messages. Message-Authenticator is now added automatically to replies to Access-Request messages and to Access-Request messages when they are proxied.
- RequireMessageAuthenticator is now available for AuthBy RADIUS and its subclasses. It can be set for all hosts in an AuthBy or on a host-by-host basis. This parameter requires a valid Message-Authenticator in proxy replies.
- A new configuration flag -no_message_authenticator is available in radpwtst to skip Message-Authenticator in Access-Requests.
Please see the security notice for more information on CVE-2024-3596 and our security recommendations.
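The request checks described in the list above, as an added Python illustration that is not Radiator's code and not part of the original announcement. It goes one step beyond the list by verifying the HMAC-MD5 value of any Message-Authenticator that is present; `check_request`, `build_request`, the `limit_proxy_state` argument and the sample secret are hypothetical names and constructed values.

```python
import hashlib, hmac, struct

PROXY_STATE, MESSAGE_AUTHENTICATOR = 33, 80  # RADIUS attribute type codes

def parse_attrs(pkt):
    """Return ([(type, value, value_offset)], length); ValueError if malformed."""
    if len(pkt) < 20:
        raise ValueError("short packet")
    length = struct.unpack("!H", pkt[2:4])[0]
    if not 20 <= length <= len(pkt):
        raise ValueError("bad length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("bad attribute")
        attrs.append((pkt[pos], pkt[pos + 2:pos + pkt[pos + 1]], pos + 2))
        pos += pkt[pos + 1]
    return attrs, length

def check_request(pkt, secret, limit_proxy_state=True):
    """Decide the fate of an Access-Request from a non-proxy client (hypothetical helper)."""
    try:
        attrs, length = parse_attrs(pkt)
    except ValueError as err:
        return f"drop: {err}"
    macs = [(val, off) for typ, val, off in attrs if typ == MESSAGE_AUTHENTICATOR]
    if not macs:
        if limit_proxy_state and any(typ == PROXY_STATE for typ, _, _ in attrs):
            return "drop: Proxy-State without Message-Authenticator"
        return "accept: unsigned"
    val, off = macs[0]
    if len(macs) > 1 or len(val) != 16:
        return "drop: malformed Message-Authenticator"
    # HMAC-MD5 over the whole packet with the attribute value zeroed (RFC 3579, 3.2)
    zeroed = pkt[:off] + bytes(16) + pkt[off + 16:length]
    if not hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), val):
        return "drop: bad Message-Authenticator"
    return "accept: signed"

def build_request(secret, attrs, sign):
    """Constructed sample input: Access-Request, Message-Authenticator first if signed."""
    body = bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16) if sign else b""
    body += b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    pkt = bytearray(struct.pack("!BBH", 1, 7, 20 + len(body)) + bytes(range(16)) + body)
    if sign:
        pkt[22:38] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    return bytes(pkt)

if __name__ == "__main__":
    print(check_request(build_request(b"constructed-secret", [(33, b"st")], False), b"constructed-secret"))
```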
New attributes ensuring interoperability
- Vendor specific attributes updated in the Radiator dictionary for Arista, Dell, ELTEK, Force10, Mojo, and Teldat.
More detailed changes can be found in the revision history.
Radiator updates are available to download for current licensees from the downloads page and the Radiator repository.
Would you like to know more?
As always, you can contact the Radiator team at info(a)radiatorsoftware.com – we are happy to learn more about your use case and assist you!