In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade org.openidentityplatform.openam:openam-radius-common to version 16.1.1 or higher.
Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the RADIUS authentication process. An attacker can gain unauthorized access by sending a spoofed Access-Accept response to the client, which fails to verify the response authenticator, source IP/port, and response identifier. This allows impersonation of any user mapped to RADIUS without knowledge of the shared secret.