Skip to Content.

cat-users - Re: [[cat-users]] security fix clear text password in linux script eduroam

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive


Re: [[cat-users]] security fix clear text password in linux script eduroam


Chronological Thread 
    < Chronological >      < Thread >
  • From: Alan Buxey <alan.buxey AT gmail.com>
  • To: Tomasz Wolniewicz <twoln AT umk.pl>
  • Cc: eduroam CAT Feedback <cat-users AT lists.geant.org>
  • Subject: Re: [[cat-users]] security fix clear text password in linux script eduroam
  • Date: Mon, 18 Dec 2017 22:25:03 +0000
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
if you have root access = game over... however, for typical user
network manager only gives access to the current user details.

one could argue this is why EAP-TLS with MAC pairing is ideal for this

however, IIRC the password can be hashed - the package comes with a
tool to provide suitable hash password instead
(Its NT has - so you can also generate it with iconv before pumping
into openssl with md4 output) - the password is no longer
trivial plain text, takes a little more effort to get (but once
again...passwords? so old, so wrong ;-) )


alan

Archive powered by MHonArc 2.6.19.

Top of Page