Feature #15952: Support Message-Authenticator in the PHP RADIUS client - pfSense - pfSense bugtracker

Actions

Copy link

Feature #15952

open

Support Message-Authenticator in the PHP RADIUS client

Added by Matthew Ross 11 months ago. Updated about 11 hours ago.

Status:

Feedback

Priority:

Normal

Assignee:

Christian McDonald

Category:

Authentication

Target version:

2.9.0

Start date:

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

25.11

Release Notes:

Default

Description

In response to Blast-RADIUS (CVE-2024-3596), we need more secure options for User Authentication via RADIUS. Ideally, we'd have support for EAP protocol types rather than the insecure MS-CHAP and even more insecure PAP. Or at the least, support for using the Message-Authenticator attribute in the packet.

We already have support for EAP protocol types in FreeRADIUS and for authenticating IPSec, so I'm not sure why it's not part of the User authentication RADIUS client too.

Files

RADIUSPRTCL.png (47.8 KB) RADIUSPRTCL.png

List of currently available protocols for RADIUS authentication client

Matthew Ross, 12/24/2024 04:14 PM

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Feature #15952

Support Message-Authenticator in the PHP RADIUS client

Updated by Jim Pingle 10 months ago

Updated by Alex Kolesnik 2 months ago

Updated by Christian McDonald about 14 hours ago

Updated by Christian McDonald about 13 hours ago

Updated by Marcos M about 11 hours ago