[pptp-server] Yes, blank username/password works!
Adam Tauno Williams
adam at morrison-ind.com
Fri Mar 2 15:46:04 CST 2001
>1) If you have configured your PopTop/PPPD system to re-direct PPTP
>tunnel authentication to use the libsmbpw.o lib's (smbpasswd), then your
>system appears to be vulnerable to the blank user/pass exploit mentioned in
>this thread.
>2) Those of you who are still using the chap-secrets file (no re-direct)
>for tunnel authentication are NOT vulnerable to the blank user/pass
>exploit mentioned in this thread. I just verified this on my PopTop server!
>I do >not use the re-direct to libsmbpw.o
FWIW, I've tested my ppp/pptpd modified for LDAP authentication and been unable
to duplicate this exploit.
Systems and Network Administrator
Morrison Industries
1825 Monroe Ave NW.
Grand Rapids, MI. 49505
More information about the pptp-server
mailing list