Actions
Bug #11055
closed
Insecure FreeRADIUS defaults
Start date:
11/11/2020
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Affected Version:
2.4.5-p1
Affected Plus Version:
Affected Architecture:
All
Description
- "Disable Weak EAP Types" (EAP tab, EAP section) should be enabled by default
- "Default EAP Types" (EAP tab, EAP section) should be set to PEAP by default
- "Check Cert Issuer" (EAP tab, EAP-TLS section) should be enabled by default
- "Check Client Certificate CN" (EAP tab, EAP-TLS section) should be enabled by default
- "RADIUS Logging" (Settings tab, Logging Configuration section) seems to be enabled by default despite the description saying the default is disabled
Updated by Danilo Zrenjanin over 3 years ago
Changing the default values would potentially break current setups where the weak types are already selected.
Updated by Danilo Zrenjanin over 3 years ago
"RADIUS Logging" (Settings tab, Logging Configuration section) seems to be enabled by default despite the description saying the default is disabled
The description is not correct. "Enable" is the default value.
Updated by Danilo Zrenjanin over 3 years ago
https://github.com/pfsense/FreeBSD-ports/pull/1022 - description update.
Updated by Renato Botelho over 3 years ago
- Status changed from New to Feedback
- Assignee set to Danilo Zrenjanin
PR has been merged. Thanks!
Updated by Danilo Zrenjanin over 3 years ago
- Status changed from Feedback to Resolved
Tested on the latest snapshot. It's fixed. Ticket resolved.
Actions