(ASCEND) Radius Security Bug

To: ascend-users@bungi.com
Subject: (ASCEND) Radius Security Bug
From: Jamie Penner <jpenner@nisa.net>
Date: Sat, 10 Jan 1998 10:38:45 -0800
Cc: support@ascend.com
Sender: owner-ascend-users@max.bungi.com


For anyone who is using the Radius accounting files as a billing tool, this
may be of importance to you...

I just happened to be sitting and watching the terminal on the Max4048 this
morning and noticed a user getting logged in as "jdoe @nisa.net" (where
jdoe is, of course, the users name)...    This worked...

I then went into the radius accouting logs and found:
        User-Name = "jdoe @nisa.net"

However, if you parse your radius logs and take the username as-is, you
will obviously never see any time used by the user unless you parse the
User-Name field down from the space....


---------------------------------
Jamie Penner
Nisa Internet Technologies Inc.
Nanaimo, BC  Canada
EMail: jpenner@nisa.net
URL: http://www.nisa.com
Ph: 250-751-1111
Fax: 250-758-3511
---------------------------------
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Follow-Ups:

Re: (ASCEND) Radius Security Bug

From: Kevin Smith <bladez@cafes.net>

Re: (ASCEND) Radius Security Bug

From: Will Pierce <willp@ultra1.dreamscape.com>

Prev by Date: Re: (ASCEND) Radius Security Bug
Next by Date: Re: (ASCEND) Q: Status of OSPF in 5.0Ap36
Prev by thread: Re: (ASCEND) Radiusd needed...
Next by thread: Re: (ASCEND) Radius Security Bug
Index(es):
- Main
- Thread