It's possible to bypass RADIUS authorisation is NONE is set at fallback authentication method.
vulners.com/securityvulns/securityvulns:doc:9007