Bugtraq mailing list archives
Livingston RADIUS - pwfile is plain text!!?
From: webmaster () MEGAHITS COM (webmaster () MEGAHITS COM)
Date: Thu, 18 Jul 1996 23:00:10 -0400
In a decision which I vehemently protested (not only because of the security risks it posed but also because it was the final step towards completely removing Linux from our network), this company recently abandoned its Cygnus Network Security (CNS) Kerberos setup on a Linux 1.2.13 box, in favor of Livingston RADIUS on NT 3.51. (see http://www.livingston.com/Marketing/Products/radius.shtml)

Now this very well may be the fault of those who installed it, but it seems to me, after a little investigation, that the file containing all user names and passwords is stored in C:\RADIUS\ ... as PLAIN TEXT! If this is true, and the installation was carried out correctly, then Livingston's incarnation of RADIUS is simply laughable. If not, and the people who installed it here are to blame, then shame on them for not taking the proper steps to even ATTEMPT to disguise/secure the location and contents of the password file.

What I would like to know is if anyone has had any experience with this product, and can tell me what needs to be done to fix this blatantly obvious problem.