[pptp-server] blank username/password works!?
Gill, Vern
vgill at technologist.com
Fri Mar 2 00:13:06 CST 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Holy Toledo Batman!!!! You are correct!!! It does not appear to be the
guest user, either. The log file reads mschap auth succeeded for user
<blank>
This is a SERIOUS problem that I was not previously aware of. Thank
you for pointing that out... Wow!!! In testing I found that if you
actually specify a USERNAME in chap-secs it will fail on a blank
user.
I.E.
/etc/ppp/chap-secrets;
user1 * &/etc/samba/smbpasswd *
user2 * &/etc/samba/smbpasswd *
user3 * &/etc/samba/smbpasswd *
etc
etc
But it still allows users who are IN the file to work, even if they
DON'T exist in smbpasswd.
I.E.
/etc/smbpasswd;
user1:XXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-XXXXXXXX:
user2:XXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-XXXXXXXX:
Users 1 2 AND 3 CAN LOGIN SUCCESSFULLY!!!!!
This is REAL bad... Maybe this is something to seriously look at the
code for. Too bad I know NOTHING about coding. I would not be of ANY
assistance, but I would LOVE to hear if a "correction" is made to
this...
Thanks again for pointing this out....
- ---> Running to nearest computer terminal to secure his network
against intrusion
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBOp85gBeamMdwy9TXEQLmUgCgksF290fkMVzt3P6l0GBfdYCZ+tAAniDo
WI3GQspdWQ3YoBhgXY/bPO2y
=/Gx7
-----END PGP SIGNATURE-----
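Added example, not part of the original post: a small audit that cross-checks chap-secrets entries using the `&/etc/samba/smbpasswd` secret form against the accounts actually present in smbpasswd, so the two conditions described above can be spotted before relying on the server. Assumptions: the blank-user case corresponds to a `*` (or empty) client field, the function names are hypothetical, and the sample file contents are constructed.

```python
import shlex

def smbpasswd_users(text):
    """Return the set of account names in smbpasswd-format text."""
    users = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            users.add(line.split(":", 1)[0])
    return users

def audit(chap_secrets_text, smb_text):
    """Return (line_no, client, finding) for risky chap-secrets entries."""
    known = smbpasswd_users(smb_text)
    findings = []
    for no, line in enumerate(chap_secrets_text.splitlines(), 1):
        # Fields: client, server, secret, allowed IPs; '#' starts a comment.
        fields = shlex.split(line, comments=True)
        if len(fields) < 3 or not fields[2].startswith("&"):
            continue  # blank, comment, or an entry with a literal secret
        client = fields[0]
        if client in ("*", ""):
            # Assumption: this is the entry shape that accepted a blank user.
            findings.append((no, client, "wildcard-or-empty client"))
        elif client not in known:
            # Named in chap-secrets but absent from smbpasswd.
            findings.append((no, client, "not in smbpasswd"))
    return findings

# Constructed sample data mirroring the layout shown in the post.
SAMPLE_CHAP = """\
# constructed sample
* * &/etc/samba/smbpasswd *
user1 * &/etc/samba/smbpasswd *
user2 * &/etc/samba/smbpasswd *
user3 * &/etc/samba/smbpasswd *
"""
SAMPLE_SMB = (
    "user1:500:XXXXXXXX:XXXXXXXX:[U ]:LCT-00000000:\n"
    "user2:501:XXXXXXXX:XXXXXXXX:[U ]:LCT-00000000:\n"
)

if __name__ == "__main__":
    for no, client, finding in audit(SAMPLE_CHAP, SAMPLE_SMB):
        print(f"chap-secrets line {no}: client {client!r}: {finding}")
```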