Paul Bartell wrote:
> I'm aware of an attack on a bank which had implemented EAP, and had
> fun when a Pen tester was simply getting domain login credentials
> without having to work much at all.
>
> Could you maybe provide a rebuttal for this attack? and/or explain how
> to make it especially secure?

You say there's an attack. Great... what is it? Someone got domain login credentials... how?

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

