password in EAP request

Stefan Winter stefan.winter at
Thu Oct 6 18:02:45 CEST 2011


>> I was told there is a plugin for FreeRadius that can be used to
>> retrieve the username/password of the EAP request. Is this true?
> No...?
> There's, but it's
> not a complete solution in itself...

Uh, what a lame thing. It will only work on the assumption that the user
does not check the server certificate, which really bad practice.
The rest is a setup of FreeRADIUS which is designed to be compatible
with as many EAP types as possible; so as not to disturb the end user
It also can't figure out if the user entered his real credentials or had
a typo/intentionally put in something different.
The "patch" is a few sample clients, nothing more.

A nice exercise, for sure, but calling this "Pwnage Edition" is somewhat
exaggerated. As I read the headline, I expected more bang for the buck :-)


Stefan Winter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list