TLS
Alan DeKok edited this page Aug 24, 2023 · 1 revision
RADIUS over TLS issues.
Industrial control systems may suggest using TLS with NULL cipher suites (IEC 62351-8:2020 allows TLS_RSA_WITH_NULL_SHA256). The purpose is apparently to allow network intrusion detection systems to inspect the traffic without needing TLS MITM solutions.
However, if the default secret "radsec" is used, the RADIUS packets are not just sent in the clear (NULL cipher suite); the User-Password attributes can also be trivially decoded.
This is a pretty large disaster.
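The following is an added example, not part of the original wiki page, showing why the User-Password attribute has no protection of its own in this setup: RFC 2865 section 5.2 hides it with an MD5 keystream built only from the shared secret and the 16-byte Request Authenticator, which travels in the same packet. The sample password and authenticator are constructed values, and the function names are chosen for this example.

```python
import hashlib

RADSEC_SECRET = b"radsec"  # the default secret named on this page


def _blocks(data: bytes):
    return [data[i:i + 16] for i in range(0, len(data), 16)]


def _xor_md5(block: bytes, secret: bytes, prev: bytes) -> bytes:
    # Keystream block = MD5(secret + previous hidden block), with the
    # Request Authenticator standing in for "previous" on the first block.
    key = hashlib.md5(secret + prev).digest()
    return bytes(a ^ b for a, b in zip(block, key))


def hide_user_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2 hiding, as a RADIUS client performs it."""
    if len(request_auth) != 16 or len(password) > 128:
        raise ValueError("need a 16-byte authenticator and <=128-byte password")
    padded_len = max(16, len(password) + (-len(password) % 16))
    hidden, prev = b"", request_auth
    for block in _blocks(password.ljust(padded_len, b"\x00")):
        prev = _xor_md5(block, secret, prev)
        hidden += prev
    return hidden


def unhide_user_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """The inverse, as a RADIUS server performs it on receipt."""
    if len(request_auth) != 16 or len(hidden) % 16 or not 16 <= len(hidden) <= 128:
        raise ValueError("malformed User-Password or authenticator")
    clear, prev = b"", request_auth
    for block in _blocks(hidden):
        clear += _xor_md5(block, secret, prev)
        prev = block
    return clear.rstrip(b"\x00")


# Constructed sample values, not taken from any real capture.
SAMPLE_RA = bytes(range(16))
SAMPLE_PASSWORD = b"correct horse battery"

if __name__ == "__main__":
    attr = hide_user_password(SAMPLE_PASSWORD, RADSEC_SECRET, SAMPLE_RA)
    print("hidden attribute:", attr.hex())
    # Every input to this call is either fixed or carried in the packet itself.
    print("recovered:", unhide_user_password(attr, RADSEC_SECRET, SAMPLE_RA))
```

With the secret fixed and publicly known, the TLS cipher suite is the only thing providing confidentiality for this attribute, so a NULL suite leaves none.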