Bug #11055

Insecure FreeRADIUS defaults

Added by Brian Shea 2 months ago. Updated 5 days ago.

Status: Feedback
Priority: Normal
Category: FreeRADIUS
Target version: -
Start date: 11/11/2020
Due date:
% Done: 0%
Estimated time:
Affected Version: 2.4.5-p1
Affected Architecture: All

Description

  • "Disable Weak EAP Types" (EAP tab, EAP section) should be enabled by default
  • "Default EAP Types" (EAP tab, EAP section) should be set to PEAP by default
  • "Check Cert Issuer" (EAP tab, EAP-TLS section) should be enabled by default
  • "Check Client Certificate CN" (EAP tab, EAP-TLS section) should be enabled by default
  • "RADIUS Logging" (Settings tab, Logging Configuration section) seems to be enabled by default despite the description saying the default is disabled
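
An added example, not part of the original report and not the package's own code: a small audit of a FreeRADIUS eap module configuration for the first four settings listed above. It assumes the GUI options correspond to the FreeRADIUS directives default_eap_type, check_cert_issuer and check_cert_cn and to the md5, leap and gtc sub-blocks; the sample configuration is constructed.

```python
import re

# Constructed sample of an eap module configuration (not taken from the report).
SAMPLE_EAP_CONF = """
eap {
    default_eap_type = md5
    md5 {
    }
    leap {
    }
    tls-config tls-common {
        # check_cert_issuer = "/C=XX/O=Example CA"
        check_cert_cn = %{User-Name}
    }
}
"""

# Assumption: the EAP types treated as "weak" by the GUI option.
WEAK_TYPES = {"md5", "leap", "gtc"}

def parse(text):
    """Return (settings, blocks): active key=value pairs and opened block names."""
    settings, blocks = {}, set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # a commented-out directive counts as unset
        m = re.match(r"([\w-]+)\s*=\s*(.+)", line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip('"')
        elif line.endswith("{") and line[:-1].split():
            blocks.add(line[:-1].split()[0])
    return settings, blocks

def audit(text):
    """List deviations from the defaults the report asks for."""
    settings, blocks = parse(text)
    findings = []
    weak = sorted(WEAK_TYPES & blocks)
    if weak:
        findings.append("weak EAP types enabled: " + ", ".join(weak))
    default = settings.get("default_eap_type", "(unset)")
    if default != "peap":
        findings.append(f"default_eap_type is {default}, expected peap")
    for key in ("check_cert_issuer", "check_cert_cn"):
        if key not in settings:
            findings.append(f"{key} is not set")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_EAP_CONF)))
```
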

History

#1 Updated by Danilo Zrenjanin 12 days ago

Changing the default values would potentially break current setups where the weak types are already selected.

#2 Updated by Danilo Zrenjanin 12 days ago

"RADIUS Logging" (Settings tab, Logging Configuration section) seems to be enabled by default despite the description saying the default is disabled

The description is not correct. "Enable" is the default value.

#4 Updated by Renato Botelho 5 days ago

  • Status changed from New to Feedback
  • Assignee set to Danilo Zrenjanin

PR has been merged. Thanks!
