Closed simeononsecurity closed 9 months ago
Thanks for your interest in orion-radsec!
This proxy is designed to comply with RFC 6614. Section 2.3 (4) of the RFC specifies: The shared secret to compute the (obsolete) MD5 integrity checks and attribute encryption MUST be "radsec"
The RADIUS shared secret is obsolete and shouldn't be relied upon for any security purpose, see e.g. https://networkradius.com/articles/2022/10/04/radius-insecurity.html for more information.
Assuming this request refers to the shared secret, and given the above, closing this request as infeasible.
Thanks for giving a great reason rather than turning it down and saying nothing. Much appreciated! I've read the RFC and now I agree with it. Apologies for the bother.
GitHub Issue Title: Enhance Security: Provide Flexible Default Password Configuration
GitHub Issue Description: Issue: Currently, the Docker container relies on a default password ('radsec') for the RadSec Proxy. For many providers using this container as-is, having a more secure and customizable default password is essential.
Request: Propose the implementation of a flexible method for specifying the default password during the Docker container setup. Consider introducing an entrypoint script that allows installers to set a more secure and unique password of their choosing.
Rationale:
Requirements:
This enhancement will provide a more secure default configuration out of the box and accommodate the diverse needs of users deploying the RadSec Proxy Docker container.