Astaro.org (Read-Only)

UTM 9 WiFi & Hotspot [8.920][MYTH] Hotspot password sent in clear text

[8.920][MYTH] Hotspot password sent in clear text

wingman over 13 years ago

Hi All

The hotspot password is transmitted in clear text which is not a good idea. All logons should use SSL

POST /?action=login HTTP/1.1
accept=true&token=iwojeret62&login=Login&location=http%3A%2F%2Fwww.apple.com%2FHTTP/1.1 302 Found

Thanks

Parents

0 trollvottel over 13 years ago

IMHO that is not a security issue. The login code is transmitted in cleartext, yes. But it's immediately internally assigned to the MAC address of the user issuing the initial login (and only *he* knows the code in the first place because it was given to him, right?). Sniffing that login is only useful when more than a single device is allowed for that voucher, otherwise you'd have to spoof his MAC as well.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 trollvottel over 13 years ago

IMHO that is not a security issue. The login code is transmitted in cleartext, yes. But it's immediately internally assigned to the MAC address of the user issuing the initial login (and only *he* knows the code in the first place because it was given to him, right?). Sniffing that login is only useful when more than a single device is allowed for that voucher, otherwise you'd have to spoof his MAC as well.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data