password in EAP request
Stefan Winter
stefan.winter at restena.lu
Thu Oct 6 18:02:45 CEST 2011
Hi,
>
>> I was told there is a plugin for FreeRadius that can be used to
>> retrieve the username/password of the EAP request. Is this true?
>
> No...?
>
> There's http://www.willhackforsushi.com/FreeRADIUS_WPE.html, but it's
> not a complete solution in itself...
>
Uh, what a lame thing. It will only work on the assumption that the user
does not check the server certificate, which really bad practice.
The rest is a setup of FreeRADIUS which is designed to be compatible
with as many EAP types as possible; so as not to disturb the end user
experience.
It also can't figure out if the user entered his real credentials or had
a typo/intentionally put in something different.
The "patch" is a few sample clients, nothing more.
A nice exercise, for sure, but calling this "Pwnage Edition" is somewhat
exaggerated. As I read the headline, I expected more bang for the buck :-)
Greetings,
Stefan Winter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111006/47efab6c/attachment.html>
More information about the Freeradius-Users
mailing list