Vulnerability: built-in radius using weak or compromised ciphers/hashes

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Votes

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2024-01-17 17:05:52 - last edited 2024-01-18 01:24:15

Posts: 10

Helpful: 4

Solutions: 0

Stories: 0

Registered: 2023-08-22

Vulnerability: built-in radius using weak or compromised ciphers/hashes

2024-01-17 17:05:52 - last edited 2024-01-18 01:24:15

Model: OC200

Hardware Version: V1

Firmware Version: 1.28.1 Build 20231117 Rel.58466

Issue #1: Built-in Omada Radius server uses EAP-MD5-Challenge by default. This method is compromised and deprecated, and declined by the client machine for that reason.
Issue #2: Built-in Omada Radius server then switches to EAP-PEAP but resorts to the weakest cipher supported by the client for the outer tunnel (TLS_RSA_WITH_AES_128_CBC_SHA, which is consered weak: https://ciphersuite.info/cs/TLS_RSA_WITH_AES_128_CBC_SHA/).
Issue #3: Built-in Omada Radius server still "secures" the inner tunnel with MD5, which again is a compromised method that leaves users vulnerable.
Issue #4: TLS 1.3 doesn't seem to work to secure the outer tunnel.

Expected behaviours:

Compromised ciphers should be disabled in the built-in Omada Radius server.
The built-in Omada Radius server should pick the strongest common cipher.
The built-in Omada Radius server should implement TLS 1.3 to secure the outer tunnel