Advisory: EAP-PWD Vulnerability

Download as PDFDownload as PDF

Released: 15th April 2019

This advisory is relevant only to  eduroam(UK) Home (IdP) (and Home and Visited) service organisations that are supporting the EAP-PWD authentication method – hence will be potentially applicable only to organisations running the FreeRADIUS, Radiator, Aruba ClearPass RADIUS servers or any other servers supporting EAP-PWD (ie not Microsoft NPS). It’s aim is to bring to the attention of our community the vulnerability in the EAP-PWD method and describes the position of the Wi-Fi Appliance together with recommend actions to be taken.

Go to: