Hi, > >> I was told there is a plugin for FreeRadius that can be used to >> retrieve the username/password of the EAP request. Is this true? > > No...? > > There's http://www.willhackforsushi.com/FreeRADIUS_WPE.html, but it's > not a complete solution in itself... >
Uh, what a lame thing. It will only work on the assumption that the user does not check the server certificate, which really bad practice. The rest is a setup of FreeRADIUS which is designed to be compatible with as many EAP types as possible; so as not to disturb the end user experience. It also can't figure out if the user entered his real credentials or had a typo/intentionally put in something different. The "patch" is a few sample clients, nothing more. A nice exercise, for sure, but calling this "Pwnage Edition" is somewhat exaggerated. As I read the headline, I expected more bang for the buck :-) Greetings, Stefan Winter
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
