[isf-wifidog] WiFiDog Digest, Vol 61, Issue 13

Arya Mazaheri aryanet at gmail.com
Tue Feb 23 08:18:54 EST 2010


Actually, I think I've found a solution.
Unfortunately, LDAPS doesn't have any effect on this issue (I don't know
why). So maybe it is better to move the LDAP server to another VLAN on the
network.
Thanks for your advice...

On Mon, Feb 22, 2010 at 8:30 PM, <wifidog-request at listes.ilesansfil.org> wrote:

> Today's Topics:
>
>   1. Re: Sniffing out the wifidog network!!! (Jean-Philippe Menil)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 21 Feb 2010 23:19:42 +0100
> From: Jean-Philippe Menil <jean-philippe.menil at univ-nantes.fr>
> To: WiFiDog Captive Portal <wifidog at listes.ilesansfil.org>
> Subject: Re: [isf-wifidog] Sniffing out the wifidog network!!!
> Message-ID: <4B81B17E.6050600 at univ-nantes.fr>
> Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
>
> Arya Mazaheri wrote:
> > Hi there,
> > I've been running wifidog for a while. For a security check I decided to
> > sniff out my network to see the possible vulnerabilities. After doing that,
> > I found that there is a very bad security vulnerability. For every user
> > who wants to authenticate to the wifidog portal, his/her username and
> > password can be sniffed easily and hijacked!
> > The user's authentication is performed by an LDAP directory and SSL is
> > running on the portal, but it still has the problem.
> >
> > Any idea?...
>
> Hi,
>
> Theoretically, the communication between your LDAP and the auth server
> isn't on the same network segment as your users.
> So, I don't see how it can be possible to sniff anything concerning
> password.
> By the way, you can easily implement the LDAPS protocol in your LDAP
> server.
>
> Can you provide more elements of your situation?
>
> Regards.