Astaro.org (Read-Only)

UTM 9 WiFi & Hotspot [8.920][MYTH] Hotspot password sent in clear text

[8.920][MYTH] Hotspot password sent in clear text

wingman over 13 years ago

Hi All

The hotspot password is transmitted in clear text which is not a good idea. All logons should use SSL

POST /?action=login HTTP/1.1
accept=true&token=iwojeret62&login=Login&location=http%3A%2F%2Fwww.apple.com%2FHTTP/1.1 302 Found

Thanks

Parents

0 wingman over 13 years ago

Thanks Mario

I think that spoofing MAC address is not so hard and I still believe the login credentials should NOT be plain text. If a voucher is active for 5 days , then the attacker has a lot of time to find the MAC address of the legitimate user and uses his credentials to login to the network

I believe this is not the standard that Sophos/astaro would like to set on a Unified Threat Management (UTM) solution especially if they want to compare with bigger players out there

If this is not planned in the roadmap (please let me know) I will open a feature request for this

Thanks
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 wingman over 13 years ago

Thanks Mario

I think that spoofing MAC address is not so hard and I still believe the login credentials should NOT be plain text. If a voucher is active for 5 days , then the attacker has a lot of time to find the MAC address of the legitimate user and uses his credentials to login to the network

I believe this is not the standard that Sophos/astaro would like to set on a Unified Threat Management (UTM) solution especially if they want to compare with bigger players out there

If this is not planned in the roadmap (please let me know) I will open a feature request for this

Thanks
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data