From 562f411003859ce87dfe46e04112da8be38f8c89 Mon Sep 17 00:00:00 2001 From: Thomas Sydorowski Date: Wed, 21 Aug 2024 17:50:20 -0400 Subject: [PATCH] Update README.md examples to use Message-Authenticator to mitigate against Blast-RADIUS --- README.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index d3c7676..4291c15 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ Add `aaa4j-radius-client` dependency from [Maven Central](https://central.sonaty org.aaa4j.radius aaa4j-radius-client - 0.3.0 + 0.3.1 ``` @@ -63,6 +63,7 @@ public class Main { .build(); AccessRequest accessRequest = new AccessRequest(List.of( + new MessageAuthenticator(), new UserName(new TextData("john.doe")), new UserPassword(new StringData("hunter2".getBytes(UTF_8))), new NasIdentifier(new TextData("SSID1")) @@ -94,7 +95,7 @@ Add `aaa4j-radius-server` dependency from [Maven Central](https://central.sonat org.aaa4j.radius aaa4j-radius-server - 0.3.0 + 0.3.1 ``` @@ -144,6 +145,11 @@ public class Main { @Override public Packet handlePacket(InetAddress clientAddress, Packet requestPacket) { if (requestPacket instanceof AccessRequest) { + if (requestPacket.getAttribute(MessageAuthenticator.class).isEmpty()) { + // Require Message-Authenticator to mitigate Blast-RADIUS + return null; + } + Optional userNameAttribute = requestPacket.getAttribute(UserName.class); Optional userPasswordAttribute = requestPacket.getAttribute(UserPassword.class); @@ -152,11 +158,11 @@ public class Main { String password = new String(userPasswordAttribute.get().getData().getValue(), UTF_8); if (username.equals("john.doe") && password.equals("hunter2")) { - return new AccessAccept(); + return new AccessAccept(List.of(new MessageAuthenticator())); } } - return new AccessReject(); + return new AccessReject(List.of(new MessageAuthenticator())); } return null;
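Review bot: The client example at `@@ -63,6 +63,7 @@` adds `new MessageAuthenticator()` to the Access-Request, but nothing visible in the hunk shows the client rejecting a response that lacks a valid Message-Authenticator, which is the client-side half of the Blast-RADIUS mitigation. If the 0.3.1 client enforces this by default, the README should say so next to the example; if it is opt-in, the example should show the setting. A short comment on the added line would also help readers who copy the snippet, for instance `// Integrity-protects the request (Blast-RADIUS mitigation)`. The enclosing `main` method starts and ends outside the hunk, so response handling may already be covered there.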
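Review bot: The guard added to `handlePacket` at `@@ -144,6 +145,11 @@` checks only that a Message-Authenticator attribute is present, and the hunk does not show where its value is verified against the shared secret; presence without verification gives no protection. If the server verifies the value before calling `handlePacket`, the comment should state that, e.g. `// Require Message-Authenticator (Blast-RADIUS); its value is verified by the server before handlePacket is called`. The `return null` here appears to drop the request silently rather than answer with Access-Reject (inferred from the existing `return null` fall-through), which deserves a mention in the same comment so operators know why such clients see timeouts. `handlePacket` begins before this hunk and continues past it.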