[isf-wifidog] Sniffing out the wifidog network!!!
Jean-Philippe Menil
jean-philippe.menil at univ-nantes.fr
Dim 21 Fév 17:19:42 EST 2010
Arya Mazaheri a écrit :
> Hi there,
> I'm running wifidog for a while. For security check I decided to sniff
> out my network to see the possible vulnerabilities. after doing that,
> I found that there is a very bad security vulnerability. every user
> who wants to authenticate to wifidog portal, his/her username and
> password can be sniffed easily and hijacked!
> The user's authentication is performed by LDAP directory and SSL is
> running on the portal but still it has the problem.
>
> Any idea?...
> ------------------------------------------------------------------------
>
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
Hi,
theorically, the communication between your ldap and the auth server
aren't on the same network segement that your users.
So, i don't see how it can be possible to sniff anything concerning
password.
By the way, you can easily implement the ldaps protocol in your ldap server.
Can you provide more elements of your situation?
Regards.
-------------- section suivante --------------
Une pièce jointe autre que texte a été nettoyée...
Nom: jean-philippe_menil.vcf
Type: text/x-vcard
Taille: 433 octets
Desc: non disponible
URL: <http://listes.ilesansfil.org/pipermail/wifidog/attachments/20100221/90e3e7e7/attachment.vcf>
Plus d'informations sur la liste de diffusion WiFiDog