Is vulnerabe the process of sending credentials to a NAS ?
Daniel Lopez
danilogo1991 at gmail.com
Fri Jan 22 17:22:48 CET 2016
Hello. I've got a doubt about the security in authentication process.
Suppose we have our Freeradius server configured to authenticate a certain
user via password (Cleartext-Password) and MAC address
(Calling-Station-Id). When this user tries to authenticate via a NAS
(wireless router), and sends it its credentials, is it possible that an
attacker could obtain those credentials by sniffing the comunication? And
then gain access by mac address spoofing?
And if so, How could this be avoided? How to protect this first step?
Thanks you very much.
More information about the Freeradius-Users
mailing list