[pptp-server] blank username/password works!?

Dread Boy dreadboy at hotmail.com
Fri Mar 2 11:14:42 CST 2001


Actually, it only happens when using the /etc/smbpasswd authentication.  If 
you put real usernames and passwords into /etc/ppp/chap-secrets, blank 
entries will be disallowed.

>
>Is this issue specific to the samba integration?  I do not use samba
>passwords and blank username/password does not allow access to our vpn.
>
>Software Versions:
>Linux Kernel 2.2.16
>PPP	2.3.11
>PPTPD	1.0.0
>
>Thanks,
>
>Michael J. Walter
>rhce mcdba mcse+i a+
>Network Administrator
>Gliatech, Inc.
>23420 Commerce Park Rd.
>Beachwood, Ohio 44122
>Tel: (216) 831-3200
>Email: walterm at gliatech.com
>
>
>
>
>-----Original Message-----
>From: Justin Kreger [mailto:jkreger at avidsolutionsinc.com]
>Sent: Friday, March 02, 2001 7:04 AM
>To: 'Gill, Vern'; 'Andrew W. Davis'; pptp-server at lists.schulte.org
>Subject: RE: [pptp-server] blank username/password works!?
>
>
>How it could be fixed:
>
>check the length of the username and the secret after getting the secret, if
>both are NULL (they would have to be for MSChap/MSChapV2 to even think about
>working), write, let's say, an 8 bit random number into the password
>field, or the username field, this would kill MSChapV2, it would go through
>the process, and fail with Failed Username or Password.
>
>on the subject of such things, is anybody aware of any win2k
>incompatibilities with pppd?
>
>-----Original Message-----
>From: Gill, Vern [mailto:vgill at technologist.com]
>Sent: Friday, March 02, 2001 1:13 AM
>To: 'Andrew W. Davis'; pptp-server at lists.schulte.org
>Subject: RE: [pptp-server] blank username/password works!?
>
>
>
>Holy Toledo Batman!!!! You are correct!!! It does not appear to be the
>guest user, either. The log file reads mschap auth succeeded for user
><blank>
>
>
>This is a SERIOUS problem that I was not previously aware of. Thank
>you for pointing that out... Wow!!! In testing I found that if you
>actually specify a USERNAME in chap-secs it will fail on a blank
>user.
>I.E.
>/etc/ppp/chap-secrets;
>user1	*       &/etc/samba/smbpasswd   *
>user2 *       &/etc/samba/smbpasswd   *
>user3 *       &/etc/samba/smbpasswd   *
>etc
>etc
>
>But it still allows users who are IN the file to work, even if they
>DON'T exist in smbpasswd.
>I.E.
>/etc/smbpasswd;
>user1:XXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXX
>XXXXXXX:[U          ]:LCT-XXXXXXXX:
>user2:XXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXX
>XXXXX:[U          ]:LCT-XXXXXXXX:
>
>Users 1 2 AND 3 CAN LOGIN SUCCESSFULLY!!!!!
>
>This is REAL bad... Maybe this is something to seriously look at the
>code for. Too bad I know NOTHING about coding. I would not be of ANY
>assistance, but I would LOVE to hear if a "correction" is made to
>this...
>
>
>Thanks again for pointing this out....
>
>
>---> Running to nearest computer terminal to secure his network
>against intrusion
>
>_______________________________________________
>pptp-server maillist  -  pptp-server at lists.schulte.org
>http://lists.schulte.org/mailman/listinfo/pptp-server
>List services provided by www.schulteconsulting.com!

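Added example, not part of the thread and not pppd or Samba code: a Python audit for the two conditions reported above, a chap-secrets entry that hands authentication to smbpasswd without naming a user, and a named entry whose user has no smbpasswd record. The `*` client line is an assumed starting configuration (the thread does not quote it), and all sample data is constructed.

```python
import shlex

def parse_chap_secrets(text):
    """Yield (client, server, secret) for each entry, skipping comments."""
    for line in text.splitlines():
        fields = shlex.split(line, comments=True)
        if len(fields) >= 3:
            yield fields[0], fields[1], fields[2]

def smbpasswd_users(text):
    """Return the set of account names in smbpasswd-format text."""
    return {line.split(":", 1)[0] for line in text.splitlines()
            if ":" in line and not line.startswith("#")}

def audit(chap_text, smb_files):
    """smb_files maps a path to that file's contents. Returns findings."""
    findings = []
    for client, _server, secret in parse_chap_secrets(chap_text):
        if not secret.startswith("&"):
            continue  # secret is stored in chap-secrets itself
        path = secret[1:]  # "&/path" syntax as shown in the thread
        if client in ("*", ""):
            # Entry is not pinned to a named account.
            findings.append(("wildcard-client", client, path))
        elif client not in smbpasswd_users(smb_files.get(path, "")):
            # Named here, but no record in the delegated password file.
            findings.append(("not-in-smbpasswd", client, path))
    return findings

# Constructed sample input mirroring the layout quoted in the thread.
CHAP = """\
# client  server  secret                  IP addresses
*         *       &/etc/samba/smbpasswd   *
user1     *       &/etc/samba/smbpasswd   *
user3     *       &/etc/samba/smbpasswd   *
"""
SMB = {"/etc/samba/smbpasswd":
       "user1:500:" + "X" * 32 + ":" + "X" * 32
       + ":[U          ]:LCT-XXXXXXXX:\n"}

if __name__ == "__main__":
    for kind, client, path in audit(CHAP, SMB):
        print(f"{kind}: client {client!r} delegates to {path}")
```

Any finding means the entry relies on the smbpasswd lookup behaving correctly for a user it may not contain, which is the case the thread reports as succeeding.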
