<div>Actually, I think I've found a solution.</div><div>Unfortunately, LDAPS doesn't have any effect on this issue (I don't know why?). So maybe it is better to move the LDAP server to another VLAN on the network.<br>
</div><div>Thanks for your advice...</div><br><div class="gmail_quote">On Mon, Feb 22, 2010 at 8:30 PM, <span dir="ltr"><<a href="mailto:wifidog-request@listes.ilesansfil.org">wifidog-request@listes.ilesansfil.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Today's topics:<br>
<br>
1. Re: Sniffing out the wifidog network!!! (Jean-Philippe Menil)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Sun, 21 Feb 2010 23:19:42 +0100<br>
From: Jean-Philippe Menil <<a href="mailto:jean-philippe.menil@univ-nantes.fr">jean-philippe.menil@univ-nantes.fr</a>><br>
To: WiFiDog Captive Portal <<a href="mailto:wifidog@listes.ilesansfil.org">wifidog@listes.ilesansfil.org</a>><br>
Subject: Re: [isf-wifidog] Sniffing out the wifidog network!!!<br>
Message-ID: <<a href="mailto:4B81B17E.6050600@univ-nantes.fr">4B81B17E.6050600@univ-nantes.fr</a>><br>
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"<br>
<br>
Arya Mazaheri wrote:<br>
> Hi there,<br>
> I've been running wifidog for a while. As a security check I decided to sniff<br>
> out my network to see the possible vulnerabilities. After doing that,<br>
> I found that there is a very bad security vulnerability. Every user<br>
> who wants to authenticate to the wifidog portal, his/her username and<br>
> password can be sniffed easily and hijacked!<br>
> The user's authentication is performed by an LDAP directory and SSL is<br>
> running on the portal, but it still has the problem.<br>
><br>
> Any idea?...<br>
> ------------------------------------------------------------------------<br>
><br>
> _______________________________________________<br>
> WiFiDog mailing list<br>
> <a href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a><br>
> <a href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog" target="_blank">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a><br>
Hi,<br>
<br>
Theoretically, the communication between your LDAP and the auth server<br>
isn't on the same network segment as your users.<br>
So, I don't see how it can be possible to sniff anything concerning<br>
password.<br>
By the way, you can easily implement the LDAPS protocol in your LDAP server.<br>
<br>
Can you provide more elements of your situation?<br>
<br>
Regards.<br>
<br>
End of WiFiDog Digest, Vol 61, Issue 13<br>
***************************************<br>
</blockquote></div><br>