[2967] in bugtraq
Re: Livingston RADIUS - pwfile is plain text!!?
daemon@ATHENA.MIT.EDU (Zeck Lim)
Fri Jul 19 14:09:13 1996
Date: Fri, 19 Jul 1996 14:50:17 -0700
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Zeck Lim <zeck@contact.com.sg>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
webmaster@megahits.com wrote:
> [stuff snipped]
> names
> and passwords is stored in C:\RADIUS\ ... as PLAIN TEXT! If this is true,
> and the installation was carried out correctly, then Livingston's
> incarnation of RADIUS is simply laughable. If not, and the people who
> installed it here are to blame, then shame on them for not taking the proper
> steps to even ATTEMPT to disguise/secure the location and contents of the
> password file.
>
> What I would like to know is if anyone has had any experience with this
> product, and can tell me what needs to be done to fix this blatantly obvious
> problem.
We got around it by running a Perl script which encrypts the password
file. When someone dials in and enters the password, it is 'crypted'
and compared to the 'crypted' password file. Just like Unix.
--
Zeck
Systems Engineer (UNIX/Security)
CONTACT Sembawang Media DID: 65-4330469
9 Temasek Boulevard Fax: 65-4330433
#38-01/03 Suntec City Tower 2
Singapore 038989
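
The approach described in the reply above (store only a one-way hash of each password and compare hashes at login), as an added example that is not part of the original post and is not the poster's script. It is written in Python and uses salted PBKDF2-HMAC-SHA256 in place of crypt(3); the `user:password` file layout, the function names and the sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example


def hash_password(password, salt=None):
    """Return 'pbkdf2$iterations$salt_hex$digest_hex' for storage."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${ITERATIONS}${salt.hex()}${digest.hex()}"


def convert_pwfile(plain_lines):
    """Turn 'user:password' lines into 'user:hash' lines; skip blanks and comments."""
    out = []
    for line in plain_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, password = line.partition(":")
        out.append(f"{user}:{hash_password(password)}")
    return out


def load_hashes(hashed_lines):
    """Map each user name to its stored hash record."""
    return dict(line.split(":", 1) for line in hashed_lines)


# Dummy record so an unknown user costs the same hash computation as a known one.
_DUMMY = hash_password("placeholder")


def verify(table, user, candidate):
    """Hash the supplied password with the stored salt and compare in constant time."""
    stored = table.get(user, _DUMMY)
    _scheme, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    match = hmac.compare_digest(digest.hex(), digest_hex)
    return match and user in table


# Constructed sample data, not taken from any real system.
SAMPLE_PWFILE = ["# user:password", "alice:correct horse", "bob:hunter2"]

if __name__ == "__main__":
    table = load_hashes(convert_pwfile(SAMPLE_PWFILE))
    print(verify(table, "alice", "correct horse"), verify(table, "alice", "wrong"))
```

Hashed storage only works when the server receives the password itself, as with PAP; CHAP requires the server to hold the cleartext secret.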