Library items tagged: eduroam(UK) Advisory

Released: 9 July 2024. This advisory is important and relevant to all eduroam(UK) service organisations. The eduroam community has been made aware of a recent vulnerability discovered in the RADIUS protocol. This vulnerability, known as Blast!RADIUS and given the CVE number CVE-2024-3596, has been classed with a CVSS score of 9.0.
Released: 10th May 2022. This advisory is important and relevant to all eduroam(UK) service organisations. Contents: Summary; Background and scope; Phase 1 - DNS, firewall and RADIUS server changes; Phase 2 - firewall and RADIUS server changes; During the migration phase; Supplementary information. Summary: Roaming1 is moving to a new platform.
Published: 06/10/2021. This advisory applies to all organisations providing a Home or Home and Visited (Wi-Fi) service.
Released 1st April 2021. Updated 16th April 2021. Updated 20th April 2023. This advisory applies to all organisations providing a Home (IdP) service who wish to support users on Android 11 devices. A number of issues have arisen simultaneously which have resulted in a complex situation which requires a careful response from member organisations to avoid user disappointment. The recommended actions are summarised at the bottom of this page.
eduroam(UK) Advisory: EAP server certificate considerations (July 2020)
Introduction: With the introduction of iOS 14 and Android 11, MAC address randomisation will become more prevalent and will have some implications for our eduroam(UK) members. History: Starting with iOS 8 and Android 8, mobile device operating system vendors started using randomised MAC addresses while scanning for wireless networks. These pre-association MAC addresses were random at every sweep. This was a step towards ensuring user devices could scan for wireless networks without being tracked.
Advisory: Mitigating Blast-RADIUS by enforcing the use of Message-Authenticator attribute (July 2024)
Released: 24th October 2017. This advisory is relevant to all eduroam(UK) Home (IdP) and Visited (SP) service organisations. Its aim is to bring to the attention of our community the vulnerability of WPA2 to Key Reinstallation Attacks (KRACK) and to describe the position of eduroam.org together with recommended actions to be taken. Background and scope:
eduroam(UK) Advisory: Injection of Operator-Name attribute by the NRPSs