Read Time:21 Second

Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc
Stevens, and Adam Suhl discovered that Kerberos incorrectly authenticated
certain responses. An attacker able to intercept communications between a
RADIUS client and server could possibly use this issue to forge responses,
bypass authentication, and access network devices and services.

This update introduces support for the Message-Authenticator attribute in
non-EAP authentication methods for communications between Kerberos and a
RADIUS server.

Read More