[isf-wifidog] Sniffing out the wifidog network!!!

[Arya Mazaheri]

Hi there,
I'm running wifidog for a while. For security check I decided to sniff
out my network to see the possible vulnerabilities. after doing that, I
found that there is a very bad security vulnerability. every user who wants
to authenticate to wifidog portal, his/her username and password can be
sniffed easily and hijacked!
The user's authentication is performed by LDAP directory and SSL is running
on the portal but still it has the problem.

Any idea?...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listes.ilesansfil.org/pipermail/wifidog/attachments/20100221/b8a973b1/attachment.htm>