password in EAP request

Fajar A. Nugraha list at fajar.net
Thu Oct 6 15:22:13 CEST 2011


On Thu, Oct 6, 2011 at 8:06 PM, Alex rsm <alex-rsm at hotmail.com> wrote:
> Hi,
>
> I was told there is a plugin for FreeRadius that can be used to retrieve the
> username/password of the EAP request. Is this true?

There are two EAP mechanism that sends user password in clear-text:
EAP-GTC and EAP-TTLS + PAP.
Both of which is not supported by Windows client. If you use one of
those two mechanism then you can easily get user's cleartext password.

If you use EAP-MSCHAPv2 (the most widely used) then no plugin or
software can retrieve the plaintext password from the access-request
packet. It's simply not possible.

-- 
Fajar



More information about the Freeradius-Users mailing list