Collaborate Disseminate
I am trying to use Freeradius 3.0 for authentication with certificates. To generate the CA, Server and Client certificate, make is available, reading a specific configuration file for each certificates (more information about it here).
The… Continue reading Unable to decrypt password protected certificates with Freeradius or from GUI
I am discovering both Freeradius and the password hashing mechanism. I built a database (in MySQL) to store the passwords of some users. I have a user with the password in clear text, another one hashed in SHA256 without salt and the last … Continue reading How can Freeradius detect if the password provided is right when only the salted hash is stored in the database without the salt
I have this scenario:
I want to create a WiFi network for a hotel that the customers should pay to gain access to the internet.
I tried Captive portal, but captive portal is very vulnerable against MAC spoofing.
So I tried wpa2-enterpris… Continue reading How to protect against MAC spoofing in WiFi network?
I’m trying to setup an EAP-TLS with latest Freeradius on Debian Buster
Used the Freeradius to make certificates
But keep running into “unknown CA” error :
(4) Found Auth-Type = eap
(4) # Executing group from file /etc/freeradius/3.0/sit… Continue reading Freeradius eap-tls – unknown CA
This question already has an answer here:
RADIUS Authentication and Shared Secret, is secure?
1 answer
This seems like an… Continue reading How are RADIUS packets encrypted? [duplicate]
A lot of IT admins may be wondering if there is a viable FreeRADIUS alternative because of the immense amount of work it takes to go from setting up and configuring a FreeRADIUS server to actually using it. In our opinion, such an alternative exists, b… Continue reading FreeRADIUS Alternative
I’m a little new to OpenVPN. I’m trying to get google authenticator to work with OpenVPN but I’m having a little trouble. Currently I’m tring to setup a radius server to run the authentication then have the radius server use … Continue reading OpenVPN using google authenticator
I need to ensure that no un-authorized DEVICE gains access to a wireless LAN network.
Notice I said, “device”. This means that I need to ensure that only authorized personnel can join the LAN and also that they can’t use a … Continue reading Break into WPA2-Enterprise RADIUS wifi network by stealing credentials
During an authorized pentest, I found several radius servers and a /etc/raddb/server file that stores shared secret, e.g
10.10.10.10 123456 15
Now what could one do with this “shared secret”, perhaps dump the database?
… Continue reading What can I do with a radius shared secret?
Forgetting your Windows password, bidding farewell to SMS authentication, reviewing Black Hat USA 2017, Ubuntu Linux for Windows 10, and more. Jason Wood of Paladin Security joins us to discuss companies being breached due to misconfiguration on this episode of Hack Naked News! News Google wants you to bid farewell to SMS authentication – Google’s campaign to […]
The post July 18, 2017 – Hack Naked News #133 appeared first on Security Weekly.