9 Apr
2009
9 Apr
'09
10:55 p.m.
Paul Bartell wrote:
I'm aware of an attack on a bank which had implemented EAP, and had fun when a Pen tester was simply getting domain login credentials without having to work much at all.
Could you maybe provide a rebuttal for this attack? and/or explain how to make it especially secure?
You say there's an attack. Great... what is it? Someone got domain login credentials... how? Alan DeKok.