From 863acd8c80dd5d9d021dbf48f7b9b2725285d8f7 Mon Sep 17 00:00:00 2001
From: Ignacio Arces <ignacio.arces@onelogin.com>
Date: Tue, 19 May 2020 15:42:34 -0500
Subject: [PATCH] Do not verify response message authenticator for
 `Status-Server` requests

---
 lib/radius.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/radius.js b/lib/radius.js
index 3a97dab..9495daf 100644
--- a/lib/radius.js
+++ b/lib/radius.js
@@ -415,6 +415,10 @@ Radius._verify_response_message_authenticator = function(args) {
     secret: args.secret
   });
 
+  // Response packets for `Status-Server` requests do not have a `Message-Authenticator` attribute hence
+  // no need to verify response message authenticator
+  if (parsed_request.code === "Status-Server") return true;
+
   if (parsed_request.attributes["Message-Authenticator"]) {
     var parsed_response = this.decode({
       packet: args.response,