Ascend Archive

Re: (ASCEND) Radius Security Bug




Spaces are treated as an end-of-username delimiter.  It's not so much a
bug as an undocumented feature.  We have seen this same type of behavior
on portmaster 2's and 3's in addition to our fleet of Max 40xx's.  I
suspect there's an RFC on Radius which states this.  The solution would be
to fix your accounting scripts.  We basically hacked radiusd to do an
index on the username and replace the first space with a NULL, to
terminate the string at the first space.

On Sat, 10 Jan 1998, Jamie Penner wrote:

> 
> For anyone who is using the Radius accounting files as a billing tool, this
> may be of importance to you...
> 
> I just happened to be sitting and watching the terminal on the Max4048 this
> morning and noticed a user getting logged in as "jdoe @nisa.net" (where
> jdoe is, of course, the user's name)...    This worked...
> 
> I then went into the radius accounting logs and found:
>         User-Name = "jdoe @nisa.net"
> 
> However, if you parse your radius logs and take the username as-is, you
> will obviously never see any time used by the user unless you parse the
> User-Name field down from the space....
> 
> 
> ---------------------------------
> Jamie Penner
> Nisa Internet Technologies Inc.
> Nanaimo, BC  Canada
> EMail: jpenner@nisa.net
> URL: http://www.nisa.com
> Ph: 250-751-1111
> Fax: 250-758-3511
> ---------------------------------
> ++ Ascend Users Mailing List ++
> To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
> To get FAQ'd:	<http://www.nealis.net/ascend/faq>
> 
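
An accounting-script fix along the lines discussed in this thread, as an added example that is not code from either poster or from radiusd. It assumes the usual "detail" file layout (a timestamp line, tab-indented Attribute = value lines, a blank line between records). The sample records and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records in the assumed "detail" accounting layout.
SAMPLE_DETAIL = '''\
Sat Jan 10 09:12:01 1998
\tUser-Name = "jdoe @nisa.net"
\tAcct-Status-Type = Stop
\tAcct-Session-Time = 600

Sat Jan 10 11:40:17 1998
\tUser-Name = "jdoe"
\tAcct-Status-Type = Stop
\tAcct-Session-Time = 1200

Sat Jan 10 12:05:44 1998
\tUser-Name = "asmith"
\tAcct-Status-Type = Start
'''

def parse_records(text):
    """Yield one dict of attribute -> value per blank-line-separated record."""
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines()[1:]:  # first line is the timestamp
            name, sep, value = line.strip().partition(" = ")
            if sep:
                rec[name] = value.strip('"')
        yield rec

def billing_name(user_name):
    """Cut User-Name at the first space, mirroring the end-of-username
    behaviour described in the thread."""
    return user_name.split(" ", 1)[0]

def session_seconds(text, normalize=True):
    """Sum Acct-Session-Time over Stop records, keyed by user name.
    Also returns the raw names that contained a space, for review."""
    totals = defaultdict(int)
    flagged = []
    for rec in parse_records(text):
        if rec.get("Acct-Status-Type") != "Stop" or "User-Name" not in rec:
            continue
        raw = rec["User-Name"]
        if " " in raw:
            flagged.append(raw)
        key = billing_name(raw) if normalize else raw
        totals[key] += int(rec.get("Acct-Session-Time", 0))
    return dict(totals), flagged
```

With normalize=False the 600-second session stays under the key "jdoe @nisa.net" and never reaches jdoe's bill; the flagged list shows which raw names were rewritten.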
