eduroam(UK) Advisory

Released: 24th October 2017
This advisory is relevant to all eduroam(UK) Home (IdP) and Visited (SP) service organisations. Its aim is to bring to the attention of our community the vulnerability of WPA2 to Key Reinstallation Attacks (KRACK) and to describe the position of eduroam.org together with recommended actions to be taken. Background and scope:
eduroam(UK) Advisory: Injection of Operator-Name attribute by the NRPSs
Advisory issued by eduroam.OT 08/04/2014
It has come to our attention that there are vulnerabilities in the relatively new 1.0.1-series of OpenSSL (as detailed by http://heartbleed.com/) affecting TLS-enabled services via a heartbeat extension. While there are no indications that this affects TLS-based EAP-mechanisms or RADIUS/TLS (aka RadSec) at this time, the operational team has made the decision to upgrade OpenSSL to versions implementing a fix for CVE-2014-0160
21 November 2014 at 4:03pm
Microsoft Security Bulletin MS14-066 - relevant to NPS and IAS eduroam Deployments
eduroam administrators at all organisations providing eduroam using Microsoft NPS or IAS are advised to be aware that MS14-066 affects eduroam (and any other 802.1X deployment).