cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Alan Buxey <alan.buxey AT gmail.com>
- To: Tomasz Wolniewicz <twoln AT umk.pl>
- Cc: eduroam CAT Feedback <cat-users AT lists.geant.org>
- Subject: Re: [[cat-users]] security fix clear text password in linux script eduroam
- Date: Mon, 18 Dec 2017 22:25:03 +0000
- Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
if you have root access = game over... however, for typical user
network manager only gives access to the current user details.
one could argue this is why EAP-TLS with MAC pairing is ideal for this
however, IIRC the password can be hashed - the package comes with a
tool to provide suitable hash password instead
(Its NT has - so you can also generate it with iconv before pumping
into openssl with md4 output) - the password is no longer
trivial plain text, takes a little more effort to get (but once
again...passwords? so old, so wrong ;-) )
alan
- [[cat-users]] security fix clear text password in linux script eduroam, Visser,Ramon R.D., 12/18/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Stefan Winter, 12/18/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Tomasz Wolniewicz, 12/18/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Alan Buxey, 12/18/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Rademaker,Hans J.G., 12/18/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Stefan Winter, 12/19/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Stefan Winter, 12/19/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Rademaker,Hans J.G., 12/19/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Stefan Winter, 12/19/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Alan Buxey, 12/19/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Stefan Winter, 12/19/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Tomasz Wolniewicz, 12/18/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Stefan Winter, 12/18/2017
Archive powered by MHonArc 2.6.19.