Security

Trying to find out FR release version in clearpass. 

 

Rgds

A

We don't publish the version of freeradius. What are you trying to do?

One of the reasons the poster may want this would be for vulnerability testing / assurance. Always good to know versions that vendors are using in case of announcement of vulnerability.

We publish security advisories for any vulnerabilities found in our products.

I run clearpass in a two tier system with Tier 1 facing the outside world and running FreeRadius 3.0.15. Tier 2 deals with internal auths (eap-peap/eap-tls etc and any eduroam  visitor auth requests get proxied up to Tier 1 for passing onto  appropriate destination.

 

I've been having loads of EAP based errors on the Tier 1 system including things such as 

 

"Wed Sep 20 09:09:56 2017 : Auth: (1606319) Login incorrect (eap: The RADIUS client has mangled the State attribute, OR you are forcing EAP in the wrong situation): [oluwafemi.coker@students.plymouth.ac.uk] (from client clearpass5 port 0 cli F0-DB-E2-D9-DA-57)"

 

but also errors such as "invalid state variable " in an EAP dialogue  and message about packers in an EAP dialogue arriving from multiple hosts.

 

While I've identified the primary culprit, at the time wanted to know which FR version you use given recent bugs and security notices re FR 3.0.x to see if there was something that might end up in a real support call.

 

Still need to know why I'm getting the ... mangled.. message though

 

A

 

 

 

 

Could you at least confirm you;re not running FR V2.x

.. and if you're running 3.0.x that you;ve got 3.0.15 in production or in the pipline given the number of security patches to the 3.0  branch that were applied to 3.0.15

Rgds

A

If you have any security concerns or questions about an Aruba product, please email aruba-sirt@hpe.com

One of the reasons the poster may want this would be for vulnerability testing / assurance. Always good to know versions that vendors are using in case of announcement of vulnerability.