Project

General

Profile

Actions
Copy link

Bug #16491

open

FreeRADIUS Accounts with "%" Character in the Password String Fail Authentication

Added by Zeljko D 6 days ago. Updated 6 days ago.

Status:
Confirmed
Priority:
Normal
Assignee:
-
Category:
Authentication
Target version:
25.11
Start date:
Due date:
% Done:

0%

Estimated time:
Release Notes:
Default
Affected Plus Version:
25.07.1
Affected Architecture:
All

Description

  • FreeRADIUS user accounts that have "%" included in their passwords won't pass authentication.
  • Removing "%" from their password string, resolves the issue.
  • Also tested with FreeRADIUS instance on Ubuntu (version 3.2.5), passwords with "%" work without any issues.
  • freeradius3-3.2.7 
  • Process logs show: (2) Login incorrect (Failed retrieving values required to evaluate condition): [testuser] (from client test port 0)

Tested against:
2.8.1 CE

and

25.07.1-RELEASE (amd64)
built on Wed Aug 20 12:17:00 UTC 2025
FreeBSD 15.0-CURRENT

Actions
Copy link
 #1

Updated by Christopher Cope 6 days ago

  • Status changed from New to Confirmed
  • Target version set to 25.11

I can confirm this is an issue on

25.07.1-RELEASE (amd64)
built on Wed Aug 13 1:59:00 EDT 2025
FreeBSD 15.0-CURRENT
freeradius3 0.15.14

This version uses freeradius 3.2.7 and it seems to be related to an upstream bug: https://github.com/freeradius/freeradius-server/issues/5525

Testing on 24.11 which used freeradius 3.2.6 and there aren't any issues with '%'.

Also tested on

26.03-DEVELOPMENT (amd64)
built on Thu Oct 16 19:24:00 UTC 2025
FreeBSD 16.0-CURRENT
freeradius3 0.16.1

This version uses freeradius 3.2.8. I am getting a 503 error on any attempt to test authentication, so I'm unable to confirm the original issue no longer exists.

Actions
Copy link

Also available in: Atom PDF