Notice of Violation of IEEE Publication PrinciplesAttack on RADIUS authentication protocol

Notice of Violation of IEEE Publication Principles

"Attack on RADIUS Authentication Protocol"
by Peng Zhao, Xuewu Cao, and Ping Luo,
in the 2003 Proceedings of the International Conference on Communication Technology, pp. 208-212

After careful and considered review of the content and authorship of this paper by a duly constituted expert committee, this paper has been found to be in violation of IEEE\´s Publication Principles.

This paper contains significant portions of original text from the paper cited below. The original text was copied without attribution (including appropriate references to the original author(s) and/or paper title) and without permission.

Due to the nature of this violation, reasonable effort should be made to remove all past references to this paper, and future references should be made to the following article:

"An Analysis of the RADIUS Authentication Protocol"
by Joshua Hill,
on Bugtraq mailing list, 12 November 2001The RADIUS protocol has a set of vulnerabilities that are either caused by the protocol, or caused by poor client implementation and exacerbated by the protocol. For security reasons, it would be advantageous to push for at least minimal revisions of the widely used RADIUS protocol. This paper mainly deals with some of the characteristics of the base RADIUS protocol and of the user-password attribute.