[pptp-server] blank username/password works!?

Gill, Vern vgill at technologist.com
Fri Mar 2 11:15:46 CST 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes, this is specifically when using a patch to pppd that allows you
to use your smbpasswd file for authentication...

- -----Original Message-----
From: Michael Walter [mailto:walterm at gliatech.com]
Sent: Friday, March 02, 2001 8:09 AM
To: 'pptp-server at lists.schulte.org'
Subject: RE: [pptp-server] blank username/password works!?


Is this issue specific to the samba integration?  I do not use samba
passwords and blank username/password does not allow access to our
vpn.  

Software Versions:
Linux Kernel 2.2.16
PPP	2.3.11
PPTPD	1.0.0

Thanks,

Michael J. Walter
rhce mcdba mcse+i a+
Network Administrator
Gliatech, Inc.
23420 Commerce Park Rd.
Beachwood, Ohio 44122
Tel: (216) 831-3200
Email: walterm at gliatech.com 




- -----Original Message-----
From: Justin Kreger [mailto:jkreger at avidsolutionsinc.com]
Sent: Friday, March 02, 2001 7:04 AM
To: 'Gill, Vern'; 'Andrew W. Davis'; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] blank username/password works!?


How it could be fixed:

check the length of the username and the secret after getting the
secret, if both are NULL (they would have to be for MSChap/MSChapV2
to even think about working), write, let's say, an 8 bit random number
into the password field, or the username field, this would kill
MSChapV2, it would go through the process, and fail with Failed
Username or Password.

on the subject of such things, is anybody aware of any win2k
incompatibilities with pppd?

- -----Original Message-----
From: Gill, Vern [mailto:vgill at technologist.com]
Sent: Friday, March 02, 2001 1:13 AM
To: 'Andrew W. Davis'; pptp-server at lists.schulte.org
Subject: RE: [pptp-server] blank username/password works!?


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Holy Toledo Batman!!!! You are correct!!! It does not appear to be the
guest user, either. The log file reads mschap auth succeeded for user
<blank>


This is a SERIOUS problem that I was not previously aware of. Thank
you for pointing that out... Wow!!! In testing I found that if you
actually specify a USERNAME in chap-secs it will fail on a blank
user.
I.E.
/etc/ppp/chap-secrets;
user1	*       &/etc/samba/smbpasswd   *
user2 *       &/etc/samba/smbpasswd   *
user3 *       &/etc/samba/smbpasswd   *
etc
etc

But it still allows users who are IN the file to work, even if they
DON'T exist in smbpasswd.
I.E.
/etc/smbpasswd;
user1:XXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXX:[U          ]:LCT-XXXXXXXX:
user2:XXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXX:[U          ]:LCT-XXXXXXXX:

Users 1 2 AND 3 CAN LOGIN SUCCESSFULLY!!!!!

This is REAL bad... Maybe this is something to seriously look at the
code for. Too bad I know NOTHING about coding. I would not be of ANY
assistance, but I would LOVE to hear if a "correction" is made to
this...


Thanks again for pointing this out....


- - ---> Running to nearest computer terminal to secure his network
against intrusion

- -----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use
<http://www.pgp.com>

iQA/AwUBOp85gBeamMdwy9TXEQLmUgCgksF290fkMVzt3P6l0GBfdYCZ+tAAniDo
WI3GQspdWQ3YoBhgXY/bPO2y
=/Gx7
- -----END PGP SIGNATURE-----
_______________________________________________
pptp-server maillist  -  pptp-server at lists.schulte.org
http://lists.schulte.org/mailman/listinfo/pptp-server
List services provided by www.schulteconsulting.com!

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOp/UzxeamMdwy9TXEQLWZQCghoNPG6IVGd8ZTDdizIYz+1dqe0oAoPbD
FnX9CqvWF9t6SxLrg6IZu5KJ
=Cjf0
-----END PGP SIGNATURE-----
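
An added example, not code from pppd or from the smbpasswd patch discussed in this thread: one way to make the secret lookup fail closed for the two cases reported above (a blank username, and a user listed in chap-secrets but absent from smbpasswd). The function name `lookup_nt_hash` is hypothetical and the sample file contents are constructed; unlike the random-secret idea above, it refuses the login outright.

```c
#include <stdio.h>
#include <string.h>

#define HEX "0123456789abcdefABCDEF"

/* Constructed sample in smbpasswd layout: name:uid:LM hash:NT hash:[flags]:LCT:
 * user2 has no usable hash; user3 is deliberately absent. */
static const char SAMPLE_SMBPASSWD[] =
    "user1:1001:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-00000000:\n"
    "user2:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:\n";

/* Hypothetical helper (not pppd's API): copy the NT hash for `user` into
 * out. Returns 0 on success, -1 whenever the login must be refused. */
int lookup_nt_hash(const char *text, const char *user, char out[33])
{
    size_t ulen = user ? strlen(user) : 0;
    const char *line = text;

    /* A blank name, or one that could span fields or lines, never matches. */
    if (ulen == 0 || strpbrk(user, ":\n"))
        return -1;
    while (line && *line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        /* Exact match on the name field, not a prefix match. */
        if (len > ulen && strncmp(line, user, ulen) == 0 && line[ulen] == ':') {
            const char *p = line + ulen + 1;
            for (int i = 0; i < 2; i++) {   /* skip uid and LM hash fields */
                p = memchr(p, ':', len - (size_t)(p - line));
                if (!p)
                    return -1;
                p++;
            }
            /* NT hash must be exactly 32 hex digits followed by ':'. */
            if (strspn(p, HEX) != 32 || p[32] != ':')
                return -1;
            memcpy(out, p, 32);
            out[32] = '\0';
            return 0;
        }
        line = eol ? eol + 1 : NULL;
    }
    return -1;  /* not in smbpasswd: refuse, never fall back to an empty secret */
}

int main(void)
{
    char h[33];
    printf("user1=%d blank=%d user3=%d\n", lookup_nt_hash(SAMPLE_SMBPASSWD, "user1", h),
           lookup_nt_hash(SAMPLE_SMBPASSWD, "", h), lookup_nt_hash(SAMPLE_SMBPASSWD, "user3", h));
    return 0;
}
```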