Security Notices and Related Announcements

Security Notice: BlastRADIUS protocol vulnerability (CVE-2024-3596) fixed in Radiator v4.29

by | July 9, 2024 | News, Security news | 0 Comments

Summary In February 2024 University of California San Diego researchers and their partners reported a vulnerability discovered in the RADIUS protocol to the CERT and IETF. The RADIUS protocol vulnerability was later named BlastRADIUS. The vulnerability allows the...
Read More

Radiator is not affected by log4j vulnerability

by | December 13, 2021 | Security news | 0 Comments

On the 10th of December 2021 a vulnerability (CVE-2021-44228) in a popular Java-based logging utility log4j was published. Since then we have received some customer queries about Radiator’s vulnerability. Radiator does not utilise Java or log4j as a component of our...
Read More

Security Notice: Two vulnerabilities in Radiator: EAP-pwd authentication bypass and DoS with certain TLS configurations

by | April 10, 2019 | Security news | 0 Comments

Summary EAP-pwd did not properly validate received values. This allows an attacker to authenticate as any user without knowing the password. A separate vulnerability causes a crash in TLS-based modules, such as RadSec and EAP-TLS, that use policy OID checks. Affected...
Read More

Secure Notice: Unsecure certificate verification in Radiator

by | February 28, 2018 | Security news | 0 Comments

Summary Certificate verification was loading CA certificates from OpenSSL default locations. This could cause certificates from unexpected CAs to be considered valid when validating certificate chains. Affected Radiator versions All Radiator versions that support...
Read More

Security Notice: Vulnerabilities in OSC Radiator 4.17

by | May 10, 2017 | Security news | 0 Comments

Summary Vulnerabilities were discovered in SIP digest authentication, Quote special formatter, Digipass MSCHAP authentication, and AuthBy HEIMDALDIGEST. Affected Radiator versions These vulnerabilities affect Radiator versions up to 4.17. Quote special formatter was...
Read More

Security Notice: Vulnerabilities in OSC Radiator: Certain AuthBy LDAP2 and EAP configurations

by | September 21, 2016 | Security news | 0 Comments

Summary Vulnerabilities were discovered with Radiator's AuthBy LDAP2 authentication when used with Extended Authentication Protocol (EAP) and certain Radiator and LDAP configurations. Affected Radiator versions The vulnerability affects Radiator versions up to 4.16....
Read More

Security Notice: Two vulnerabilities in OSC Radiator: TLS based EAP session resumption and string formatting

by | October 27, 2015 | Security news | 0 Comments

Summary A vulnerability was discovered in Radiator Extended Authentication Protocol (EAP) EAP-TLS and PEAP implementations affecting TLS session resumption. A second unrelated vulnerability in string formatting can cause a denial of service (DOS) crash or other...
Read More

Security Notice: Vulnerability in OSC Radiator EAP-MSCHAPv2 and EAP-pwd could allow privilege escalation

by | July 15, 2015 | Security news | 0 Comments

Summary A vulnerability exists in Radiator Extended Authentication Protocol (EAP) EAP-MSCHAP-V2 and EAP-pwd implementations where a malicious EAP client could hide the real user identity after successful authentication. This vulnerability could allow a malicious EAP...
Read More

Security Notice: Vulnerability in OSC Radiator EAP authentication could allow unauthenticated access

by | December 3, 2014 | Security news | 0 Comments

Summary A bug exists in Radiator Extended Authentication Protocol (EAP) implementation where a malicious client could bypass EAP method restrictions. A vulnerability caused by this bug was discovered in recent Radiator releases and requires urgent attention. This EAP...
Read More
RADIATOR SECURITY ANNOUNCEMENTS MAILING LIST