Library items tagged: eduroam(UK) Advisory

2024-07 Advisory: Mitigating Blast!RADIUS by enforcing the use of Message-Authenticator attribute

Stefan Paetow
Tuesday, July 9, 2024 - 20:05
#eduroam
eduroam(UK)
eduroam(UK) Advisory
Released: 9 July 2024 This advisory is important and relevant to all eduroam(UK) service organisations. The eduroam community has been made aware of a recent vulnerability discovered in the RADIUS protocol. This vulnerability, known as Blast!RADIUS and given the CVE number CVE-2024-3596, has been classed with a CVSS score of 9.0.
Read more

2022-05 Advisory: Migration of Roaming1 NRPS

Edward Wincott
Tuesday, May 10, 2022 - 12:46
#eduroam
eduroam(UK) Advisory
NRPS
Released: 10th May 2022 This advisory is important and relevant to all eduroam(UK) service organisations. Summary Background and scope Phase 1 - DNS, firewall and RADIUS server changes Phase 2 - firewall and RADIUS server changes During the migration phase Supplementary information SUMMARY Roaming1 is moving to a new platform.
Read more

2021-10 Advisory: Addressing claims of eduroam misconfiguration vulnerability (server certificate validation)

Stefan Paetow
Wednesday, October 6, 2021 - 14:40
advisory
#eduroam
eduroam(UK) Advisory
eduroam CAT
connecting your device to eduroam
Published: 06/10/2021 This advisory applies to all organisations providing a Home or Home and Visited (Wi-Fi) service.
Read more

2021-04 Advisory: Android 11 configuration issues, geteduroam, server certificates

Edward Wincott
Thursday, April 1, 2021 - 17:58
eduroam
eduroam(UK) Advisory
certificates
EAP
Released 1st April 2021 Updated 16th April 2021 Updated 20th April 2023 This advisory applies to all organisations providing a Home (IdP) service who wish to support users on Android 11 devices. A number of issues have arisen simultaneously which have resulted in a complex situation which requires a careful response from member organisations to avoid user disappointment. The recommended actions are summarised at the bottom of this page.
Read more

2020-07 Advisory: EAP server certificate considerations

Stefan Paetow
Wednesday, March 31, 2021 - 02:31
EAP
eduroam(UK) Advisory
eduroam
server certificates
eduroam(UK) Advisory: EAP server certificate considerations (July 2020)
Read more

2020-11 Advisory: Implications of MAC address randomisation on eduroam(UK) members

Stefan Paetow
Wednesday, March 31, 2021 - 01:45
eduroam(UK) Advisory
network
network access
eduroam
access
Calling-Station-Identity
Introduction With the introduction of iOS 14 and Android 11, MAC address randomisation will become more prevalent and will have some implications for our eduroam(UK) members.  History Starting with iOS 8 and Android 8 mobile device operating system vendors started using randomised MAC addresses while scanning for wireless networks. These pre-association MAC addresses were random at every sweep. This was a step towards ensuring user devices could scan for wireless networks without being tracked.
Read more

Advisories

Stefan Paetow
Wednesday, March 31, 2021 - 01:27
eduroam
eduroam(UK) Advisory
Click on item and scroll down to the selected content at the bottom of the page. Advisory: Mitigating Blast-RADIUS by enforcing the use of Message-Authenticator attribute (July 2024)
Read more

Advisory: WPA2 Key Reinstallation Attacks vulnerability, KRACK

Edward Wincott
Monday, April 15, 2019 - 16:45
eduroam(UK) Advisory
eduroam
WPA
Released: 24th October 2017 This advisory is relevant to all eduroam(UK) Home (IdP) and Visited (SP)  service organisations. It’s aim is to bring to the attention of our community the vulnerability of WPA2 to Key Reinstallation Attacks (KRACK) and describes the position of eduroam.org together with recommend actions to be taken. Background and scope:
Read more

Advisory: Injection of Operator-Name Attribute at the NRPSs (Oct 2018)

Edward Wincott
Friday, October 12, 2018 - 15:42
#eduroam
advisory
eduroam(UK) Advisory
eduroam(UK) Advisory: Injection of Operator-Name attribute by the NRPSs
Read more