This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
JP_Rex
Collaborator
Collaborator
‎2024-07-14 10:17 PM
In response to JozkoMrkvicka

There is an RFC for words like SHOULD and MUST. 
And the word SHOULD is taken by developers as "do as you like" And for the last 20 or so years everybody ignored that attribute. On the expense of being vulnerable for the kind of attack used in "blast-radius".

Nobody cared because the main usage is to supply "intelligence" to dumb Network equipment in a secured network environment.

And I am not overly concerned by this attack, because if you can run the attack you are already in a place were you don't need what you might gain. In these kind of networks people still use tftp and telnet to administer there stuff.

it doesn't make sense to use a 15000 byte TLS Handshake to secure less then 100 byte of message. The reason RADIUS is used is because it is light weight you can do that on a micro controller.

 

Regards
Peter

(1)
Who rated this post