of Mac and Men
Alan DeKok
aland at deployingradius.com
Fri Apr 10 00:55:15 CEST 2009
Paul Bartell wrote:
> I'm aware of an attack on a bank which had implemented EAP, and had
> fun when a Pen tester was simply getting domain login credentials
> without having to work much at all.
>
> Could you maybe provide a rebuttal for this attack? and/or explain how
> to make it especially secure?
You say there's an attack. Great... what is it?
Someone got domain login credentials... how?
Alan DeKok.
More information about the Freeradius-Users
mailing list