Security

Reply
Super Contributor II

What version of FreeRadius does ClearPass use internally

Trying to find out FR release version in clearpass. 

 

Rgds

A

Guru Elite

Re: What version of FreeRadius does ClearPass use internally

We don't publish the version of freeradius. What are you trying to do?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Member

Re: What version of FreeRadius does ClearPass use internally

One of the reasons the poster may want this would be for vulnerability testing / assurance. Always good to know versions that vendors are using in case of announcement of vulnerability.
New Member

Re: What version of FreeRadius does ClearPass use internally

One of the reasons the poster may want this would be for vulnerability testing / assurance. Always good to know versions that vendors are using in case of announcement of vulnerability.
Guru Elite

Re: What version of FreeRadius does ClearPass use internally

We publish security advisories for any vulnerabilities found in our products.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor II

Re: What version of FreeRadius does ClearPass use internally

I run clearpass in a two tier system with Tier 1 facing the outside world and running FreeRadius 3.0.15. Tier 2 deals with internal auths (eap-peap/eap-tls etc and any eduroam  visitor auth requests get proxied up to Tier 1 for passing onto  appropriate destination.

 

I've been having loads of EAP based errors on the Tier 1 system including things such as 

 

"Wed Sep 20 09:09:56 2017 : Auth: (1606319) Login incorrect (eap: The RADIUS client has mangled the State attribute, OR you are forcing EAP in the wrong situation): [oluwafemi.coker@students.plymouth.ac.uk] (from client clearpass5 port 0 cli F0-DB-E2-D9-DA-57)"

 

but also errors such as "invalid state variable " in an EAP dialogue  and message about packers in an EAP dialogue arriving from multiple hosts.

 

While I've identified the primary culprit, at the time wanted to know which FR version you use given recent bugs and security notices re FR 3.0.x to see if there was something that might end up in a real support call.

 

Still need to know why I'm getting the ... mangled.. message though

 

A

 

 

 

 

Super Contributor II

Re: What version of FreeRadius does ClearPass use internally

Could you at least confirm you;re not running FR V2.x

.. and if you're running 3.0.x that you;ve got 3.0.15 in production or in the pipline given the number of security patches to the 3.0  branch that were applied to 3.0.15

Rgds

A

Guru Elite

Re: What version of FreeRadius does ClearPass use internally

If you have any security concerns or questions about an Aruba product, please email aruba-sirt@hpe.com

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: