[isf-wifidog] Sniffing out the wifidog network!!!

Jean-Philippe Menil jean-philippe.menil at univ-nantes.fr
Dim 21 Fév 17:19:42 EST 2010

Arya Mazaheri a écrit :
> Hi there,
> I'm running wifidog for a while. For security check I decided to sniff 
> out my network to see the possible vulnerabilities. after doing that, 
> I found that there is a very bad security vulnerability. every user 
> who wants to authenticate to wifidog portal, his/her username and 
> password can be sniffed easily and hijacked!
> The user's authentication is performed by LDAP directory and SSL is 
> running on the portal but still it has the problem.
> Any idea?...
> ------------------------------------------------------------------------
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog

theorically, the communication between your ldap and the auth server 
aren't on the same network segement that your users.
So, i don't see how it can be possible to sniff anything concerning 
By the way, you can easily implement the ldaps protocol in your ldap server.

Can you provide more elements of your situation?

-------------- section suivante --------------
Une pièce jointe autre que texte a été nettoyée...
Nom: jean-philippe_menil.vcf
Type: text/x-vcard
Taille: 433 octets
Desc: non disponible
URL: <http://listes.ilesansfil.org/pipermail/wifidog/attachments/20100221/90e3e7e7/attachment.vcf>

Plus d'informations sur la liste de diffusion WiFiDog