COMMAND

    MS Radius Server

SYSTEMS AFFECTED

    Win NT4 with SP4

PROBLEM

    Brad Kemp found following.  A bug has been found in the  Microsoft
    Radius server when hosted on an NT server running SP4 that  allows
    anyone access.  This bug  cannot be exploited on a  server running
    SP3.   There  do  not  seem  to  be  any  hotfixes to correct this
    problem. The RADIUS server is from option pack 4.

    Just  authenticate  as  a  non-existant  user  using  PAP, you are
    authenticated.   There  is  a  disclaimer  if  you try and install
    option pack 4 on an SP4 system, but not the other way around.

SOLUTION

    Some people couldn't reproduce this and whole thing is still under
    investigation.