Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(ASCEND) Radius "bug"?




For those of you who also read the "bugtraq" mailing list, you'll
understand why I've been poking around at this.  :)  There have been
a number of posts regarding "radius oddities" lately.  Anyway, we are
using Ascend's version of radiusd via Solaris, and I've found that if I 
enter a username including a space, radius will simply ignore the space and
everything after it...but it still shows up in all of the log files
and accounting records.  In other words, if my username was "foo", and
I entered "foo is the coolest user at this site" as my username, and
gave my correct password, I would be authenticated just fine, and that
whole sentence would show up in the radius accounting logs and such.
I'm not sure that there's any real threat with this, but it's my
understanding that most radius servers will deny authentication to
any username with a space in it.

disclaimer: we have made some modifications to our radiusd code, so
            there's a chance this is something that we induced.  So,
            I would greatly appreciate it if anyone could confirm/deny
	    that this isn't specific to our site.  Thanks!

___________________________________________________________________________
Joe Pautler, E.I.T.                             University at Buffalo
CIT/OSS Network Engineering                     224 Computing Center
http://www.oss.buffalo.edu/~pautler             (716) 645-3536

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>


Follow-Ups: