Hi,


I was told there is a plugin for FreeRadius that can be used to retrieve the username/password of the EAP request. Is this true?

No...?

There's http://www.willhackforsushi.com/FreeRADIUS_WPE.html, but it's not a complete solution in itself...


Uh, what a lame thing. It will only work on the assumption that the user does not check the server certificate, which really bad practice.
The rest is a setup of FreeRADIUS which is designed to be compatible with as many EAP types as possible; so as not to disturb the end user experience.
It also can't figure out if the user entered his real credentials or had a typo/intentionally put in something different.
The "patch" is a few sample clients, nothing more.

A nice exercise, for sure, but calling this "Pwnage Edition" is somewhat exaggerated. As I read the headline, I expected more bang for the buck :-)

Greetings,

Stefan Winter